claude-code-mcp
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to use npx -y to download and run packages such as @modelcontextprotocol/server-postgres and @modelcontextprotocol/server-filesystem. These packages are from an organization not included in the provided trusted sources list.
- REMOTE_CODE_EXECUTION (MEDIUM): Use of npx facilitates the execution of remote code on the local system during server configuration.
- COMMAND_EXECUTION (MEDIUM): The skill requires shell command execution (npx, claude mcp, export) to configure and validate MCP server connections.
- PROMPT_INJECTION (LOW): As a tool-integration skill, it introduces an indirect prompt injection surface (Category 8) where tool outputs from MCP servers are processed by the agent.
  Ingestion points: Tool outputs from configured MCP servers.
  Boundary markers: Documentation recommends production guardrails, but the config itself lacks hard delimiters.
  Capability inventory: Subprocess execution and filesystem/database access.
  Sanitization: Documentation recommends sanitizing and structuring tool outputs before reuse.
Audit Metadata