mcp-sdk-tier-audit
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands such as `gh`, `git`, `npm`, `curl`, and `find` to verify environment state, retrieve repository metadata, and run the audit CLI utility.
- [COMMAND_EXECUTION]: The skill executes a user-provided `client-cmd` argument. This is an intended feature that allows users to run their own local SDK conformance clients during the audit process.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API (via the `gh` CLI) and a user-provided conformance server URL. These operations are required for the primary audit purpose and target trusted or user-specified endpoints.
- [PROMPT_INJECTION]: The skill utilizes AI subagents to evaluate local files (README, docs, policies) from the target SDK being audited.
  - Ingestion points: Markdown and text files from the user-provided `<local-path>` are read and passed to subagents.
  - Boundary markers: Absent in subagent prompts (`docs-coverage-prompt.md`, `policy-evaluation-prompt.md`).
  - Capability inventory: Shell command execution (`find`) and local file writing to the `results/` directory.
  - Sanitization: None performed on ingested file content before AI processing.
  - Risk: This represents a surface for indirect prompt injection where maliciously crafted documentation in an audited repo could attempt to influence the audit outcome. This is managed as a low-risk inherent property of the tool's function.
Audit Metadata