mcp-create-declarative-agent
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access behaviors were detected.
- [CREDENTIALS_UNSAFE]: The skill includes templates for environment files (
.env.local) that reference sensitive keys likeCLIENT_SECRET. These are explicitly provided as placeholders for the user to populate, which is a standard and safe development practice. - [EXTERNAL_DOWNLOADS]: References to external services and schemas target trusted organizations (Microsoft, GitHub) and well-known services (Atlassian/Jira). These references are documented neutrally as they point to official documentation and API endpoints.
- [COMMAND_EXECUTION]: The skill utilizes tools to create and edit files within the user's workspace. This functionality is consistent with its stated purpose of scaffolding a new project structure and is used as intended.
Audit Metadata