webmcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill implements a tool-calling framework that creates an indirect prompt injection surface.
- Ingestion points: Tools ingest data via parameters defined in the inputSchema in SKILL.md and rules/tool-definition.md.
- Boundary markers: No specific LLM-level boundary markers or delimiters are suggested for isolating untrusted tool input within the agent's prompt.
- Capability inventory: The skill provides examples of tools with sensitive capabilities, including deleteAccount (rules/security.md), submitOrder (rules/dynamic-registration.md), and cartApi.add (SKILL.md).
- Sanitization: The skill emphasizes robust client-side validation of all parameters and mandatory user confirmation for irreversible or destructive actions via the agent.requestUserInteraction() API (rules/security.md).
Audit Metadata