agent-app-store
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [SAFE]: The skill defines Model Context Protocol (MCP) tool interfaces for the Flow Nexus ecosystem, facilitating legitimate marketplace operations such as searching, publishing, and analytics.
- [NO_CODE]: There are no executable scripts, binaries, or remote code dependencies included in this skill definition.
- [CREDENTIALS_UNSAFE]: The template deployment tool (mcp__flow-nexus__template_deploy) accepts sensitive parameters like API keys and database URLs. These are defined as variable placeholders for user input and do not contain hardcoded secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the handling of external marketplace data in conjunction with high-privilege tool access.
  - Ingestion points: The agent ingests potentially untrusted data from the marketplace via the mcp__flow-nexus__app_search and mcp__flow-nexus__app_analytics tools.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat marketplace descriptions as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill allows the agent to publish source code (mcp__flow-nexus__app_store_publish_app) and deploy infrastructure templates (mcp__flow-nexus__template_deploy).
  - Sanitization: No sanitization or validation mechanisms are defined for marketplace-sourced content before it is processed by the agent's logic.
Audit Metadata