fastmcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The AI agents defined in mcp-builder.md and mcp-scaffold.md ingest user-provided requirements to generate executable server code and configurations. This creates a surface where malicious user input could potentially influence the generated output or logic.
  - Ingestion points: User-provided project names, descriptions, and tool requirements entering the agent context via chat or input.
  - Boundary markers: Absent; the agents rely on system instructions and predefined templates rather than explicit markers to delimit untrusted data.
  - Capability inventory: The agents utilize Write, Edit, and Bash tools to create/modify project files and execute scripts like test-server.sh and check-versions.sh.
  - Sanitization: The skill does not implement explicit sanitization or escaping of user-provided strings before interpolating them into generated TypeScript or Python code.
- Dynamic Execution (LOW): The scripts/test-server.sh script employs a heredoc to generate a temporary Python test script (Client logic) which is then executed via python3. This is a common developer pattern for integration testing but involves runtime code generation and execution.
- Data Exposure & Exfiltration (SAFE): No evidence of hardcoded credentials or data exfiltration was detected. The scripts/deploy-cloud.sh script includes a positive security feature that uses grep-based patterns to actively warn users against hardcoded API keys and secrets in their server implementations.
Audit Metadata