skills/wellapp-ai/well/mcp-server/Gen Agent Trust Hub

mcp-server

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Finding tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to use 'npx -y' for server installation, which automatically downloads and executes remote code from the npm registry without user confirmation. Evidence: Reference to 'npx -y @package/mcp-server' in the Authentication Patterns section.
  • [COMMAND_EXECUTION] (MEDIUM): The guide details how to modify the '~/.cursor/mcp.json' configuration file to define arbitrary commands and arguments that the IDE will execute. Evidence: Instructions in the 'Creating a New MCP' and 'Troubleshooting' sections.
  • [CREDENTIALS_UNSAFE] (LOW): The documentation encourages storing sensitive API keys in plaintext within environment variables in the 'mcp.json' file. Evidence: Example JSON block showing 'API_KEY': 'your-token-here'.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes tool descriptors from local JSON files. If these files are sourced from untrusted projects, they could contain malicious instructions or schemas designed to manipulate agent behavior. Evidence: Step 1 in 'Usage Pattern' and the 'Tool Descriptor Format' section.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:35 AM