mcp-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): Recommends installing 'gemini-cli', a package from a trusted repository (google-gemini), which reduces severity.
- [COMMAND_EXECUTION] (LOW): Executes local scripts and CLI tools to interact with MCP servers, which is essential for the skill's utility.
- [PROMPT_INJECTION] (LOW): Potential for indirect prompt injection from external MCP server data. Ingestion points: Tool and resource definitions from MCP servers. Boundary markers: None documented. Capability inventory: Shell command execution and tool orchestration. Sanitization: No evidence of sanitizing data from external servers before use.
Audit Metadata