mcp-server-evaluations
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations via `curl` and `fetch` to interact with external or local MCP servers.
  - Evidence: `SKILL.md` and `scripts/basic.test.ts` permit connections to arbitrary endpoints defined by the user via the `MCP_ENDPOINT` variable.
- [Indirect Prompt Injection] (LOW): The skill has an attack surface for indirect prompt injection as it ingests and processes tool metadata and responses from untrusted external servers.
  - Ingestion points: Server-provided tool names, descriptions, and call results are read in `SKILL.md` (Phases 2 and 3) and `scripts/basic.test.ts`.
  - Boundary markers: Absent; server output is not encapsulated with protective delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill possesses the ability to execute shell commands and scripts via `Bash` and `Node` runtimes.
  - Sanitization: Data received from the MCP server is parsed as JSON but not specifically sanitized for natural language instructions before being presented to the agent context.
- [Command Execution] (SAFE): The skill executes local scripts included in the distribution (`scripts/basic.test.ts`, `scripts/run-basic-tests.sh`).
  - Evidence: These scripts are part of the skill's source and are used for automated testing as described in the documentation.
Audit Metadata