mcp-testing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The skill defines a specific identity and operational principles related to MCP testing. It does not contain instructions to bypass safety filters, ignore system prompts, or reveal internal configurations.
- [Data Exposure & Exfiltration] (SAFE): There are no hardcoded credentials, sensitive file path references (e.g., .ssh, .aws), or network-related commands like curl or wget.
- [Remote Code Execution] (SAFE): The file consists entirely of markdown instructions. No shell commands, script execution, or remote download patterns are present.
- [Indirect Prompt Injection] (INFO): The skill directs the agent to prioritize information from local reference files (
references/patterns.md, etc.). While these files influence the agent's reasoning, they are treated as static internal documentation and do not constitute an external untrusted data surface with side-effect capabilities. - [Obfuscation] (SAFE): No encoded strings (Base64), zero-width characters, or hidden Unicode tags were detected.
Audit Metadata