mcp-server
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill instructs users to install the 'mcp' library from the official SDK, which is a trusted dependency maintained by Anthropic.
- [DATA_EXFILTRATION] (SAFE): Documentation includes examples for tools performing network requests (using httpx) and database queries (using SQLModel). These are standard capabilities for the intended server-side use case.
- [Indirect Prompt Injection] (LOW): The skill provides templates for tools that handle untrusted external input, creating a potential surface for indirect prompt injection. Ingestion points: Tool parameters in 'templates/mcp_server.py' and 'SKILL.md'. Boundary markers: Not implemented in code examples. Capability inventory: Database access ('SKILL.md' line 157) and network requests ('reference/tools.md' line 44). Sanitization: Documentation explicitly recommends input validation and parameterized queries (SKILL.md line 173), addressing the risk of the insecure f-string SQL examples provided elsewhere.
Audit Metadata