mcp-gateway-security
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill is entirely educational, providing security patterns and threat models for MCP gateway communications.
- [NO_CODE]: No executable scripts or software packages are included in the skill files.
- [CREDENTIALS_UNSAFE]: The skill correctly uses environment variable placeholders (e.g., ${GITHUB_TOKEN}) and explicitly advises against hardcoding credentials.
- [PROMPT_INJECTION]: No malicious injection patterns or instructions to bypass safety filters were found in the markdown body or metadata.
- [DATA_EXFILTRATION]: No code for transmitting sensitive information to external servers exists. The skill focuses on defensive logging and output sanitization.