mcp-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a reference for building MCP servers and does not contain any malicious code, obfuscated scripts, or unauthorized system access patterns.
  • [EXTERNAL_DOWNLOADS]: References official MCP resources from modelcontextprotocol.io and GitHub repositories under the modelcontextprotocol organization. These are recognized as trusted sources for development guidelines and SDKs.
  • [DATA_EXPOSURE]: Configuration examples use explicit placeholders such as 'your-key-here' for API keys, adhering to security best practices. The skill also recommends using environment variables for authentication.
  • [PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection via tool input parameters (e.g., search queries).
      1. Ingestion points: The 'query' argument in the Python tool example in SKILL.md.
      2. Boundary markers: Absent in the basic code snippets, which are intended as simple templates.
      3. Capability inventory: The skill manifest declares 'Read', 'Write', and 'Bash' capabilities for the agent.
      4. Sanitization: The documentation proactively recommends validation and sanitization patterns using libraries like Pydantic in its reference sections.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 23, 2026, 05:15 PM