mcp-evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources during its evaluation workflow. Attackers could place malicious instructions within a repository's source code, documentation, or community forums to manipulate the assessment results.
- Ingestion points: GitHub repository metadata, README files, package.json, and source files (SKILL.md, Step 4); community feedback from Reddit, Twitter/X, and MCP directories such as Smithery and Glama (SKILL.md, Step 5.5).
- Boundary markers: The evaluation workflow does not specify the use of delimiters or instructions to ignore embedded prompts within the fetched content.
- Capability inventory: The skill uses the create_file tool to write assessment reports to the user's local filesystem and interacts with external network resources through multiple specialized MCP tools.
- Sanitization: No explicit content sanitization, validation, or filtering of the retrieved data is mentioned before the information is processed by the agent.
Audit Metadata