mcp-server-integration

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs official Model Context Protocol server packages from the npm registry, including @modelcontextprotocol/server-filesystem, @modelcontextprotocol/server-memory, @modelcontextprotocol/server-sequential-thinking, and @playwright/mcp.
  • [COMMAND_EXECUTION]: Defines local commands to initiate MCP servers, such as mcp-server-filesystem and mcp-server-memory, as well as package execution via npx for the Playwright integration.
  • [PROMPT_INJECTION]: Contains a vulnerability surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: Processes external data from web pages via playwright-browser_navigate, local files via filesystem-read_text_file, and GitHub repository content.
      • Boundary markers: No explicit delimiters or instructions to disregard embedded instructions are defined for the data processed by these tools.
      • Capability inventory: Includes high-impact capabilities such as writing to the filesystem (filesystem-write_file), modifying GitHub repositories (github-create_issue), and browser automation.
      • Sanitization: The configuration does not specify any sanitization or validation routines for data fetched from untrusted external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 09:47 PM