setup-mcp-auth
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill collects configuration parameters like role names, headers, and URLs through interactive prompts and incorporates them into code templates. Without explicit sanitization or escaping logic, this creates a surface for indirect prompt injection where malicious input could influence the generated code structure. Ingestion points include steps for authentication provider and role configuration.
- [COMMAND_EXECUTION]: The skill uses templates to dynamically generate and write executable TypeScript code. Placeholder values are populated with user-provided input. In the absence of proper escaping, malformed input could lead to unintended code injection or vulnerabilities in the generated server code.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing 'get-jwks' and 'fast-jwt' for handling JWT validation. These are recognized libraries for standard security implementations.