helium-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures a connection to a remote Model Context Protocol (MCP) server at `https://heliumtrades.com/mcp` to provide its core functionality. This is the intended design for this skill to access the vendor's data services.
- [PROMPT_INJECTION]: The `get_bias_from_url` tool retrieves and processes content from third-party article URLs, which creates a surface for indirect prompt injection where hidden instructions on the target site could influence agent behavior.
  - Ingestion points: The `url` parameter in the `get_bias_from_url` tool defined in SKILL.md.
  - Boundary markers: Absent; the skill does not provide specific instructions to the agent to isolate or ignore instructions contained within the fetched content.
  - Capability inventory: Network retrieval and text synthesis tools are used to process external content.
  - Sanitization: Not specified; external content is analyzed for bias markers without explicit mention of instruction filtering.
Audit Metadata