mcp-integration-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references official SDKs and tools from trusted organizations, including the Model Context Protocol organization, Microsoft, and Anthropic. All links point to reputable documentation and source code repositories.
- COMMAND_EXECUTION (SAFE): Installation instructions utilize standard package managers (pip, npm, dotnet) to fetch well-known, legitimate libraries. The provided command examples are benign and educational.
- CREDENTIALS_UNSAFE (SAFE): No secrets or API keys are hardcoded. The skill correctly demonstrates how to use environment variables to handle sensitive authentication data safely.
- DATA_EXFILTRATION (SAFE): There are no signs of unauthorized data access. The skill actively teaches users how to implement safety checks to prevent unauthorized file access (e.g., using os.path.normpath and directory prefix validation).
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to manipulate agent behavior or bypass safety guardrails.
- INDIRECT_PROMPT_INJECTION (LOW): As a tool-building guide, the skill acknowledges the risks of processing untrusted data and provides architectural advice and code snippets for sanitizing inputs and enforcing least privilege.
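The os.path.normpath plus directory-prefix check credited in the DATA_EXFILTRATION finding is a reasonable start, but it has two well-known gaps: a plain string-prefix test also accepts sibling directories that merely share the prefix (/srv/mcp-data2 passes a check for /srv/mcp-data), and normpath is purely lexical, so a symlink inside the root that points outside it is never resolved. The following Python is an added example written for this page, not code from the audited skill; ALLOWED_ROOT, the file names and the sandbox layout are constructed for the demonstration. It places the naive check beside a hardened form built on os.path.realpath and os.path.commonpath.

```python
import os
import tempfile
from typing import Optional

# Constructed sample root for the demonstration (hypothetical; not a path
# taken from the audited skill).
ALLOWED_ROOT = "/srv/mcp-data"


def naive_is_allowed(root: str, requested: str) -> bool:
    """normpath + string-prefix check, as the audit summary describes it.

    normpath collapses '.' and '..' lexically, but startswith() also accepts
    sibling directories that share the prefix ('/srv/mcp-data2'), and
    normpath never resolves symlinks.
    """
    candidate = os.path.normpath(os.path.join(root, requested))
    return candidate.startswith(os.path.normpath(root))


def resolve_in_root(root: str, requested: str) -> Optional[str]:
    """Return the resolved absolute path if it lies inside root, else None.

    Hardened form: reject empty input and NUL bytes, resolve symlinks with
    realpath on both sides, then compare with commonpath so the boundary is
    a path component rather than a string prefix.
    """
    if not requested or "\x00" in requested:
        return None
    real_root = os.path.realpath(root)
    # os.path.join discards root when `requested` is absolute; the commonpath
    # comparison below rejects that case because the result leaves root.
    candidate = os.path.realpath(os.path.join(real_root, requested))
    try:
        common = os.path.commonpath([real_root, candidate])
    except ValueError:
        # Mixed absolute/relative paths or different drives on Windows.
        return None
    return candidate if common == real_root else None


def symlink_escape_demo() -> dict:
    """Build a sandbox whose 'escape' entry is a symlink to a directory
    outside the root and return both checks' verdicts for a file behind it.

    Returns {"naive": None, "hardened": None} if symlinks cannot be created.
    """
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")
        root = os.path.join(tmp, "root")
        os.mkdir(outside)
        os.mkdir(root)
        with open(os.path.join(outside, "secret.txt"), "w") as fh:
            fh.write("constructed secret for the demo\n")
        try:
            os.symlink(outside, os.path.join(root, "escape"))
        except OSError:
            return {"naive": None, "hardened": None}
        requested = "escape/secret.txt"
        return {
            "naive": naive_is_allowed(root, requested),
            "hardened": resolve_in_root(root, requested) is not None,
        }


if __name__ == "__main__":
    for req in ["notes/today.md", "../mcp-data2/secret.txt",
                "../../etc/passwd", "/etc/passwd"]:
        print(f"{req!r:28} naive={naive_is_allowed(ALLOWED_ROOT, req)!s:5} "
              f"hardened={resolve_in_root(ALLOWED_ROOT, req)}")
    print("symlink escape:", symlink_escape_demo())
```

Run it directly to see the sibling-directory request ../mcp-data2/secret.txt pass the naive check and fail the hardened one, and the symlink sandbox show the same split. Whichever check a tool uses, it should resolve the path once and then open exactly the resolved path it validated, so no rename or symlink swap can slip in between the check and the use.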
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata