agents-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official and well-known packages from the Model Context Protocol organization (e.g., @modelcontextprotocol/server-postgres, @modelcontextprotocol/server-github) and established services like PostHog and Notion. These are recognized as trusted or well-known sources.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets were detected. The skill correctly uses placeholders (e.g., ghp_xxx, user:pass) and provides clear instructions to use environment variables or secret managers for runtime injection.
- [COMMAND_EXECUTION]: Shell commands are used for legitimate configuration tasks using official CLI tools (claude, codex, npm, npx). The skill provides guardrails for these operations, such as advising on scoped allowlists and audit logging.
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection when processing data from external tools and provides specific remediation advice to sanitize and structure tool outputs before reuse.
Audit Metadata