Skills
skills/toddlevy/tl-agent-skills/tl-openmeter-api-mcp-server/Gen Agent Trust Hub

tl-openmeter-api-mcp-server

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes and returns data from an external OpenMeter API to the agent. This represents an indirect prompt injection surface.
  • Ingestion points: Data enters the agent context through various tools in src/client.ts that fetch meter data, customer records, and usage statistics.
  • Boundary markers: None. API responses are stringified as JSON and returned directly to the agent.
  • Capability inventory: The skill has the ability to create and modify state in the OpenMeter instance (creating customers, subscriptions, and ingesting events).
  • Sanitization: There is no evidence of sanitization or filtering of API responses to prevent embedded instructions from influencing the agent.
  • [DATA_EXPOSURE]: The skill uses an OPENMETER_API_KEY for authentication. It correctly follows security best practices by reading this from environment variables rather than hardcoding it.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to a user-configurable OPENMETER_URL. This is necessary for its primary function but involves transmitting data to an external endpoint.
  • [FILE_ACCESS]: In src/index.ts, the skill attempts to read a file from a sibling directory (../../tl-openmeter-api/SKILL.md) to provide a 'quick reference' resource. This is a local file read restricted to the skill suite's own documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 03:24 AM