Skills
skills/holon-run/webmcp-bridge/webmcp-bridge/Gen Agent Trust Hub

webmcp-bridge

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and executes the @webmcp-bridge/local-mcp package and browser binaries via npx as part of its core bridge functionality.
  • [COMMAND_EXECUTION]: Uses the uxc link command in scripts/ensure-links.sh to create persistent local shortcuts for browser-based tool automation.
  • [INDIRECT_PROMPT_INJECTION]: Operates by consuming tool definitions and data from external websites, which serves as a potential ingestion point for untrusted content.
  • Ingestion points: Website tool schemas and page runtime data accessed via the bridge.
  • Boundary markers: None explicitly implemented for external site output; relies on JSON parsing for response validation.
  • Capability inventory: Subprocess execution via uxc and browser control via playwright.
  • Sanitization: Implements JSON structure validation (.ok == true) before consuming data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 01:34 AM