fusion-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the user through standard setup commands including
docker compose up,docker build, and execution of local smoke-test scripts (scripts/demo.sh,scripts/mcp-skills-smoke-check.sh). These operations are necessary for the skill's primary purpose of setting up a development environment. - [EXTERNAL_DOWNLOADS]: The skill references container images hosted on GitHub Container Registry (
ghcr.io/equinor/fusion-poc-mcp). As these resources originate from the vendor's official repository, they are considered safe for the intended workflow. - [SAFE_PRACTICE]: The skill explicitly instructs users not to expose secrets or credentials and provides a secure template for VS Code MCP configuration that uses
promptStringwithpassword: truefor API keys, ensuring credentials are never stored in the configuration files or session history.
Audit Metadata