mcp-apps-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- External Downloads (MEDIUM): The skill depends on packages in the '@leanmcp' scope, which are not on the trusted external sources list, posing a supply-chain risk.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data and returns it to the agent, creating a surface for indirect prompt injection.
  1. Ingestion points: 'name' and 'description' fields in the 'createItem' and 'updateItem' tools (assets/mcp-dashboard-index.ts).
  2. Boundary markers: Absent; user strings are stored and returned directly.
  3. Capability inventory: No dangerous capabilities (no file-system access, network exfiltration, or subprocess execution) were identified in the source code.
  4. Sanitization: Input strings are used without validation or escaping.