mcp-server-installation
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the 'happy-platform-mcp' package from the public npm registry and clones the source code from the author's official GitHub repository. These are identified as legitimate vendor-owned resources.
- [COMMAND_EXECUTION]: Uses standard development tools including 'npm', 'npx', and 'git' to perform installation and configuration tasks. These operations are restricted to the intended purpose of the skill.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by enabling the agent to ingest and process data from external ServiceNow instances (e.g., via 'SN-Query-Table').
  - Ingestion points: External data enters the agent context via ServiceNow API tools ('SN-Query-Table', 'SN-NL-Search').
  - Boundary markers: None explicitly mentioned in the installation instructions.
  - Capability inventory: The installed server provides powerful capabilities including 'SN-Execute-Background-Script' and 'SN-Execute-Fix-Script' as referenced in the skill body.
  - Sanitization: Sanitization logic is expected to be handled by the MCP server itself; no specific sanitization instructions are provided in the setup guide.