mcp-setup

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill configures MCP servers that ingest data from untrusted external services (e.g., GitHub, Notion, Slack), creating a surface for Indirect Prompt Injection.
      • Ingestion points: External APIs, databases, and filesystems.
      • Boundary markers: None specified in the setup instructions.
      • Capability inventory: MCP tools can perform actions like database writes and API calls.
      • Sanitization: No sanitization or validation of external content is mentioned in the configuration steps.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill provides examples of downloading and executing packages from the npm registry using npx -y for local stdio servers.
  • [COMMAND_EXECUTION] (LOW): The skill involves executing shell commands (claude mcp add) to modify local system configuration files (~/.claude.json).
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:50 PM