setup-serena-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation and setup guides from the official repository and documentation site for Serena on GitHub (raw.githubusercontent.com/oraios/serena and oraios.github.io). These resources are used to inform the agent's configuration process.
- [COMMAND_EXECUTION]: Guides the user through the installation and initialization of the Serena tool using uv and serena CLI commands. The agent facilitates the setup by providing the necessary instructions for the user to execute locally.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Modifies project-level (CLAUDE.md) and user-level (~/.claude/CLAUDE.md) configuration files to register the MCP server. This is a standard and expected behavior for configuring the AI agent's environment.
- [PROMPT_INJECTION]: The skill ingests external content from remote documentation URLs, creating an indirect prompt injection surface.
  - Ingestion points: External Markdown and HTML documentation loaded in step 3.
  - Boundary markers: Absent.
  - Capability inventory: File system writes to configuration files and guidance for shell command execution.
  - Sanitization: None performed on the ingested content.
Audit Metadata