MCP Integration
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documents the use of npx -y to fetch and run MCP server packages directly from the NPM registry, specifically citing the @modelcontextprotocol/server-filesystem package in SKILL.md and server-types.md.
- [REMOTE_CODE_EXECUTION]: By recommending the use of npx -y, the skill facilitates the execution of remote code at runtime. This is presented as a standard method for deploying MCP servers.
- [COMMAND_EXECUTION]: The documentation provides multiple patterns for executing local processes. This includes the stdio server type for running commands (e.g., python -m my_mcp_server or custom scripts) and the headersHelper feature, which executes local shell scripts (e.g., get-headers.sh) to dynamically generate authentication headers.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the processing of external tool outputs. Ingestion points: data enters the agent's context through outputs from configured MCP tools, such as task search results or database queries mentioned in tool-usage.md and stdio-server.json. Boundary markers: the examples do not implement boundary markers or instructions to ignore embedded commands within the data returned by these tools. Capability inventory: the skill enables significant capabilities, including subprocess execution via stdio and network operations across multiple protocols (sse, http, ws). Sanitization: no specific sanitization or validation of tool-provided data is discussed or demonstrated in the provided examples.
Audit Metadata