bootstrap-python-mcp-service
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/assess_api_for_mcp.py employs importlib.import_module() to dynamically load Python modules as specified by the user via the --fastapi CLI argument. This capability is used to inspect FastAPI application routes for MCP mapping guidance.
- [COMMAND_EXECUTION]: The shell script scripts/init_fastmcp_service.sh performs several system operations using uv, git, and sed, and invokes auxiliary scripts located within the project's directory structure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the scripts/assess_api_for_mcp.py utility. The script ingests metadata from external OpenAPI or FastAPI sources and includes it in reports meant for agent consumption.
  - Ingestion points: scripts/assess_api_for_mcp.py reads data from files provided via --openapi or modules via --fastapi.
  - Boundary markers: The generated report does not include markers or instructions to disregard potential commands embedded in the processed metadata.
  - Capability inventory: The skill can execute shell commands, manage files, and access the network via uv.
  - Sanitization: No sanitization is applied to the text extracted from external API definitions before its inclusion in the generated report.
- [EXTERNAL_DOWNLOADS]: The scripts/init_fastmcp_service.sh script installs the fastmcp and pydantic packages from the official Python Package Index (PyPI).
Audit Metadata