developing-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily consists of documentation and educational materials. It contains no executable scripts that would perform malicious operations upon loading or during typical use.
- [COMMAND_EXECUTION]: The documentation includes code examples using `child_process.spawn` and `child_process.exec`. These are explicitly presented as educational snippets in a security context to teach developers the difference between secure and insecure command execution (e.g., avoiding shell interpolation).
- [EXTERNAL_DOWNLOADS]: The guides instruct users on how to install standard development libraries from well-known and trusted sources, such as `@modelcontextprotocol/sdk` (MCP official), `@google/genai` (Google), and other common utilities like `zod` and `express`.
- [PROMPT_INJECTION]: The skill includes examples of prompt injection attacks within its security reference file (`SECURITY.md`). These are used as teaching tools to demonstrate how to implement mitigations such as 'Instructional Fencing' and 'Sanitization'.
Audit Metadata