cursor-mcp
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill demonstrates how to configure tool servers that are downloaded and executed at runtime using `npx`. These examples point to official packages from the `@modelcontextprotocol` organization, which is the standard provider for these services.
- [COMMAND_EXECUTION]: The documentation describes the `stdio` transport, which allows the agent to spawn subprocesses to run local MCP servers as part of its toolset.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources (such as GitHub issues or Notion pages) via MCP tools. This creates a surface for indirect prompt injection where instructions hidden in the external data could attempt to influence the agent's behavior.
  - Ingestion points: External data retrieved from services like GitHub and Notion through configured MCP servers.
  - Boundary markers: Not specified in the configuration examples provided in the documentation.
  - Capability inventory: The setup enables the agent to execute shell commands via the `stdio` transport and perform network operations via `http` and `sse` transports.
  - Sanitization: The provided configuration snippets do not include explicit sanitization or filtering logic for tool outputs.