webmcp
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local utility script (scripts/find-webmcp-targets.mjs) to scan the filesystem. This is a legitimate operation used to identify browser application boundaries and existing WebMCP markers within the codebase.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes arbitrary files from the workspace. Content within these files (such as code comments) could theoretically contain instructions intended to influence the agent's behavior.
  - Ingestion points: The script scripts/find-webmcp-targets.mjs reads file contents across the workspace to locate API markers.
  - Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded content within the scanned data.
  - Capability inventory: The agent has the ability to read and modify files and implement business logic based on the scan results.
  - Sanitization: No sanitization or filtering of file content is performed prior to the agent processing the markers.
Audit Metadata