
mcp-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to install gemini-cli globally via npm. Per [TRUST-SCOPE-RULE], this is downgraded to LOW/INFO because it targets a recognized tool within the trusted Gemini ecosystem (google-gemini/gemini-cli).
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill facilitates the execution of MCP tools based on user-provided strings. This is a standard functional surface for indirect prompt injection.
      • Ingestion points: User-provided task descriptions passed to the gemini command or scripts/cli.ts.
      • Boundary markers: None explicitly defined in the provided skill documentation; the skill relies on the underlying CLI tools.
      • Capability inventory: Execution of arbitrary tools defined in local MCP server configurations via npx tsx subprocesses.
      • Sanitization: Not present in the skill instructions; sanitization is deferred to the LLM and the MCP client implementation.
  • [COMMAND_EXECUTION] (SAFE): Uses standard CLI commands (mkdir, ln, npx tsx) to manage configurations and execute local helper scripts. These actions are consistent with the skill's stated purpose of managing MCP integrations.
  • [CREDENTIALS_UNSAFE] (SAFE): While the skill references .claude/.mcp.json (which typically contains API keys or server endpoints), it only performs local configuration tasks such as symlinking and reading the file for client initialization. No exfiltration patterns were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM