agent-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references and suggests the installation of official Node.js packages from the @modelcontextprotocol scope (e.g., @modelcontextprotocol/sdk). These are recognized as part of the official MCP ecosystem maintained by a trusted organization. Per the trust-scope rule, these findings are downgraded to LOW.
- COMMAND_EXECUTION (LOW): The skill utilizes Bash and npx for tasks such as scaffolding new servers and running the MCP inspector. This is a high-privilege capability but is necessary for the skill's primary purpose of agent and tool development.
- Indirect Prompt Injection (LOW): The skill includes tools for fetching external web content (WebFetch, Firecrawl) and has the capability to write files and execute shell commands. This creates a surface for indirect prompt injection if the agent processes malicious instructions from the web.
  - Ingestion points: WebFetch, mcp__firecrawl__firecrawl_search tools.
  - Boundary markers: Absent in the provided templates.
  - Capability inventory: Bash, Write, Edit, Read tools.
  - Sanitization: No explicit sanitization or validation of fetched content is defined in the instructions.
Audit Metadata