mcp-installer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python helper script (`scripts/list_mcps.py`) to index and display documented MCP servers from the local filesystem.
- [COMMAND_EXECUTION]: Facilitates the configuration and execution of MCP servers as local subprocesses. It provides templates that define executable commands (e.g., `npx`, `node`, `python3`) and arguments that the host environment will run to provide tool capabilities.
- [EXTERNAL_DOWNLOADS]: Recommends the discovery and installation of MCP servers from external registries like npm and GitHub. Multiple examples use `npx -y`, which downloads and executes code from the npm registry at runtime. These references primarily target trusted organizations or well-known services.
- [PROMPT_INJECTION]: Subject to Indirect Prompt Injection risks. The skill workflow involves searching for and reading third-party MCP documentation from the internet to generate local reference files and configuration.
  - Ingestion points: Data enters the agent's context through `websearch` and `webfetch` during the discovery phase and when reading content from the generated documentation files in `references/mcps/`.
  - Boundary markers: The skill does not implement specific delimiters or safety warnings within its documentation templates to distinguish between instructions and data when processing external content.
  - Capability inventory: The skill possesses file-writing capabilities (creating markdown files), configuration modification (writing to `opencode.json`), and indirectly enables command execution by defining the command strings for the MCP runtime.
  - Sanitization: No explicit sanitization or validation of the external content is performed before it is integrated into the local documentation or configuration structures.