mcporter
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `mcporter call --stdio` command, which enables the execution of arbitrary local processes and scripts (e.g., `bun run ./server.ts`).
- [EXTERNAL_DOWNLOADS]: The skill's installation process requires downloading the `mcporter` package from the public NPM registry.
- [DATA_EXFILTRATION]: The tool supports making requests to arbitrary external URLs via `mcporter call <url>`, providing a mechanism for transmitting data to external endpoints.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process outputs from various MCP servers and tools.
  - Ingestion points: Data returned from MCP tools executed via `mcporter call` (found in SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat tool outputs as untrusted data.
  - Capability inventory: The skill possesses the ability to execute shell commands (`--stdio`), perform network operations, and modify local configuration files (`mcporter config`).
  - Sanitization: No sanitization or validation logic is defined to inspect or filter the content returned by external tools before it is interpreted by the agent.