mcporter
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for using
mcporter call --stdio, which executes shell commands to launch MCP servers. This capability allows the agent to run arbitrary scripts or binaries (e.g.,bun run ./server.ts) on the host system.\n- [EXTERNAL_DOWNLOADS]: The skill metadata defines a Node.js dependency on themcporterpackage, which is installed from a remote registry during the setup process.\n- [DATA_EXFILTRATION]: The skill contains commands for authentication (mcporter auth) and remote tool calling (mcporter call <url>), which involve handling credentials and performing outbound network requests that could be repurposed for data exfiltration.\n- [PROMPT_INJECTION]: The skill exposes an Indirect Prompt Injection surface by interpolating untrusted server definitions or user-supplied tool arguments into command line executions.\n - Ingestion points: Server names, tool arguments, and remote URLs processed by the
callcommand.\n - Boundary markers: None identified; instructions do not advise the agent to ignore instructions embedded in server responses or tool parameters.\n
- Capability inventory: Full shell command execution via the
--stdioflag and network access via HTTP tool calls.\n - Sanitization: No input sanitization or validation mechanisms are described for the data passed to the
mcporterCLI.
Audit Metadata