mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill manages external communications with trusted domains (tabelog.com and api.openai.com). It uses standard
python-dotenvpatterns for managing the OpenAI API key, which is common practice for local development. No signs of hardcoded secrets or unauthorized exfiltration were found. - [Remote Code Execution] (SAFE): All project dependencies specified in
pyproject.tomlare standard, well-known packages. The skill does not download external scripts for execution or use dangerous functions likeeval()orexec(). - [Indirect Prompt Injection] (LOW): The skill serves as a data retrieval tool that ingests information from an external source (Tabelog). While this ingestion point is a potential surface for indirect prompt injection if the output is later processed by an LLM without sanitization, the skill itself does not perform any unsafe operations with the scraped data.
- [Obfuscation] (SAFE): Code analysis confirmed no usage of multi-layer Base64, zero-width characters, homoglyphs, or other techniques designed to hide malicious intent.
Audit Metadata