mcp-csharp-publish

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • Secure Secret Management: The skill explicitly instructs against hardcoding secrets, recommending the use of environment variables and Azure Key Vault for sensitive data like API keys. It includes specific warnings to avoid copying .env files into Docker images.
  • Container Security Best Practices: The provided Dockerfile templates use multi-stage builds to reduce the attack surface and run the application as an unprivileged user (appuser), a standard security hardening practice.
  • Trusted Tooling and Registries: All external references point to well-known, official sources including Microsoft's container registries (mcr.microsoft.com), NuGet.org, and the official Model Context Protocol registry. The suggested mcp-publisher tool is the official CLI for the protocol.
  • Input Validation Guidance: The security checklist includes a reminder to perform input validation on all tool parameters, helping to mitigate potential command injection or data processing vulnerabilities in the resulting MCP servers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 09:51 AM