dumbwaiter-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill monitors external GitHub activity, which is an ingestion surface for untrusted PR comments. Evidence: 1. Ingestion points: GitHub PR comments and reviews are ingested via the comment_received condition in SKILL.md. 2. Boundary markers: No specific delimiters are specified for the tool output. 3. Capability inventory: The skill performs network reads/writes via the GitHub API and manages local state in a SQLite database. 4. Sanitization: The tool is designed to stream raw metadata and body content from PR events to the agent.
- Command Execution (SAFE): The prerequisites section describes a manual build and execution process (cargo build) which is standard for developer-oriented MCP tools and not an automated risk.
- Credentials Unsafe (SAFE): The skill documentation properly identifies the need for a GITHUB_TOKEN environment variable and explicitly warns against token leakage and over-scoping.
Audit Metadata