fusion-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to pull and run Docker images from the author's official GitHub Container Registry (
ghcr.io/equinor/fusion-poc-mcp). These are vendor-owned resources used for the intended purpose of the skill. - [COMMAND_EXECUTION]: Provides instructions for environment setup and validation using
docker,docker compose, andgh(GitHub CLI). The recommended VS Code configuration includes security-hardening flags such as--read-only,--cap-drop=ALL, and--security-opt=no-new-privilegesto restrict the container's capabilities. - [CREDENTIALS_UNSAFE]: The skill documentation refers to necessary API keys for Azure Search and Foundry. It properly guides users to use environment variables and VS Code's secure input prompts (
${input:id}) instead of hardcoding secrets. It also includes explicit warnings for users to avoid sharing credentials and to sanitize log outputs in bug reports.
Audit Metadata