skills/getsentry/sentry-mcp/mcp-audit/Gen Agent Trust Hub

mcp-audit

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill directs the agent to ingest and analyze untrusted data from external repositories, which could contain malicious instructions designed to compromise the agent or influence the audit results.
      • Ingestion points: The skill instructions in SKILL.md and references/checklist.md require the agent to read and evaluate tool definitions, descriptions, and prompt content from external MCP servers.
      • Boundary markers: There are no explicit instructions or delimiters provided to isolate untrusted content or warn the agent against executing instructions found within the audited data.
      • Capability inventory: The skill workflow includes capabilities for command execution (running tests) and file system interactions.
      • Sanitization: No sanitization or validation steps for external content are described prior to processing.
  • [COMMAND_EXECUTION]: Execution of Untrusted Code. The workflow instructs the agent to execute validation commands and integration tests located within the repository being audited.
      • Evidence: SKILL.md (Step 7) and references/checklist.md (Automation expectations) explicitly instruct the agent to "Prefer existing integration tests" and "Finish with the repo's normal validation commands". This poses a high risk if the repository being audited contains malicious code or environment configurations designed to exploit the agent during the test execution phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 06:58 PM