mcp-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The content consists of development documentation and code snippets. No instructions to bypass AI safety filters or override system constraints were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, API keys, or unauthorized data transmission logic were detected. Configuration examples use placeholder environment variables like DB_HOST.
- [External Downloads] (LOW): The skill references the @modelcontextprotocol/sdk and @modelcontextprotocol/inspector packages. These are official tools from a trusted organization (Anthropic), making the reference low risk per [TRUST-SCOPE-RULE].
- [Indirect Prompt Injection] (SAFE): Although the skill provides templates for tools that process external data, it explicitly mandates security best practices including input validation with Zod and parameterized database queries to mitigate injection risks.
- [Dynamic Execution] (SAFE): No use of unsafe dynamic execution functions such as eval() or exec() was detected in the provided TypeScript examples.
Audit Metadata