mcp-openapi-proxy
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install a binary directly from a GitHub repository using `go install github.com/rendis/mcp-openapi-proxy/cmd/mcp-openapi-proxy@latest`. This is a standard installation method for Go-based tools but involves fetching and executing external code.
- [COMMAND_EXECUTION]: The skill provides instructions to execute various shell commands for installation (`go install`), initialization (`swag init`), conversion (`swagger2openapi`), and tool operation (`mcp-openapi-proxy login/status/logout`).
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of OpenAPI specifications provided via the `MCP_SPEC` variable, which can be a URL. This creates a surface for indirect prompt injection.
  - Ingestion points: OpenAPI 3.x specifications loaded from local paths or remote URLs defined in `MCP_SPEC`.
  - Boundary markers: No specific delimiters or warnings to ignore embedded instructions are provided in the skill documentation.
  - Capability inventory: The skill allows the agent to make network requests (`call_endpoint`) and read specification files.
  - Sanitization: There is no mention of sanitization or schema validation performed on the ingested OpenAPI content before it is processed by the agent.
Audit Metadata