mcp-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's stated purpose involves 'reviewing MCP code' and 'debugging connection issues', which creates a primary ingestion surface for untrusted external data. Ingestion points: External source code, project configurations, and debug logs provided by users or fetched from repositories. Boundary markers: None present; the skill lacks instructions to treat external code as untrusted. Capability inventory: The toolkit provides shell commands for building ('npm run build') and executing ('node build/index.js') code. Sanitization: No sanitization, validation, or sandboxing is suggested for the code being processed.
- [Command Execution] (MEDIUM): The 'Quick Commands' section provides explicit instructions to execute local files using 'node'. While standard for development, this capability allows the agent to run code that may have been influenced by an attacker through the code review ingestion surface.
- [External Downloads] (LOW): The skill installs several packages from the npm registry using 'npm install' and 'npx'. These dependencies (@modelcontextprotocol/sdk, zod, etc.) are standard for the described task but represent the use of external software sources.
Recommendations
- AI detected serious security threats
Audit Metadata