mcp-server-development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to bypass AI safety filters or exfiltrate the system prompt.
- Data Exposure & Exfiltration (SAFE): The skill contains no hardcoded credentials or sensitive file access patterns. It actually provides a validation rule to detect and prevent hardcoded secrets in MCP server code.
- Unverifiable Dependencies (LOW): The skill references a local file 'references/patterns.md' that was not included in the analysis set; however, no remote script execution or untrusted package downloads were identified.
- Indirect Prompt Injection (LOW): While the skill involves processing external descriptions and code, it is primarily a documentation and validation aid without side-effect capabilities (like file writes or network requests), posing negligible risk.
- Dynamic Execution (SAFE): No use of eval, exec, or unsafe deserialization was found in the reference material.
Audit Metadata