MCP Server Management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): The skill leverages the
Bashtool to install and configure MCP servers. While this is the primary function, it grants the agent the ability to execute commands in the terminal to manage software and system settings. - [Indirect Prompt Injection] (LOW):
- Ingestion points: Project-specific files and
.mcp.jsonconfiguration data. - Boundary markers: None explicitly mentioned in the skill instructions to separate untrusted project data from system instructions.
- Capability inventory: Includes
Bash,Write, andEdit, which could be abused if malicious data in the project's codebase influences the agent's behavior. - Sanitization: No explicit sanitization or validation of the
.mcp.jsoncontent or project data is described. - [External Downloads] (LOW): The skill's purpose involves installing MCP servers, which typically requires downloading packages from registries like npm or PyPI. No untrusted specific URLs or malicious packages were identified in the static analysis of this file.
Audit Metadata