mcp-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the agent to install and run 'pulsemcp-server' using 'npx -y'. This command downloads and executes packages from the npm registry without manual verification, which is a significant vector for supply chain attacks.\n- [REMOTE_CODE_EXECUTION] (HIGH): By encouraging the use of 'npx -y' for unverified third-party packages, the skill creates a direct path for remote code execution on the user's system.\n- [COMMAND_EXECUTION] (HIGH): The examples provided (e.g., in 'stdio-server.json') demonstrate the capability to execute local scripts and binaries with environment variables like 'DATABASE_URL', which could be exploited if the agent is tricked into using malicious configurations.\n- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface Detected. The skill's primary discovery mechanism relies on fetching data from an external website ('pulsemcp.com') to drive configuration decisions.\n
- Ingestion points: Search results and detail pages from 'https://www.pulsemcp.com' are parsed by the agent as described in 'references/server-discovery.md'.\n
- Boundary markers: Absent; there are no instructions to isolate or treat external data as untrusted.\n
- Capability inventory: The skill has the capability to execute shell commands ('npx'), access local files ('server-filesystem'), and make network requests ('examples/http-server.json').\n
- Sanitization: Absent; the agent is expected to directly use the 'slug' and 'description' from the website to generate executable configurations.
Recommendations
- AI detected serious security threats
Audit Metadata