mcp-integration

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The file examples/stdio-server.json uses npx to run @modelcontextprotocol/server-filesystem, which downloads the package from the npm registry at runtime.
  • REMOTE_CODE_EXECUTION (MEDIUM): Using npx for package execution is a form of remote code execution because it fetches and runs code from an external repository in one step.
  • COMMAND_EXECUTION (LOW): The configuration defines local execution paths for Python and JavaScript servers, which are necessary for functionality but represent local process management capabilities.
  • DATA_EXPOSURE (SAFE): Sensitive credentials such as API_TOKEN and DATABASE_URL are properly handled using environment variable placeholders (${VARIABLE_NAME}) rather than hardcoded strings.
  • INDIRECT_PROMPT_INJECTION (LOW): The filesystem and database servers allow the agent to ingest data from local files and database records, creating an attack surface.
  • Ingestion points: examples/stdio-server.json (filesystem and database entries).
  • Boundary markers: None present in the configuration.
  • Capability inventory: File system access, database interaction, network requests via HTTP/SSE, and subprocess spawning.
  • Sanitization: No sanitization or validation logic is defined in these configuration files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:07 PM