mcp-creator
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch live documentation from
https://gofastmcp.com/llms-full.txtand useWebSearchto supplement bundled references. This is documented neutrally as it targets the official domain for the framework being implemented. - [REMOTE_CODE_EXECUTION]: The skill provides templates and guidance for using
create_proxyandFileSystemProvider. These features enable the execution of local scripts via subprocesses or the dynamic loading of Python modules from a directory. While these are core features of the FastMCP framework, they represent a capability for local code execution if configured to point at malicious or untrusted files. - [PROMPT_INJECTION]: The skill includes 'Critical Rules' and imperative instructions to guide the agent's behavior. While these are intended for quality control (e.g., 'No stdout', 'Verbose descriptions'), they are structurally similar to override patterns. Additionally, the ingestion of external documentation via
WebFetchcreates a surface for indirect prompt injection, where instructions embedded in the remote text could influence the agent's implementation strategy. - Ingestion points: The agent fetches implementation details from
https://gofastmcp.com/llms-full.txt(SKILL.md § Consult Live Documentation). - Boundary markers: None explicitly defined for the remote content; the agent is simply instructed to let live docs 'win' over bundled references.
- Capability inventory: The agent can scaffold new projects using
wagents new mcpand write implementation code to the local filesystem. - Sanitization: No explicit sanitization or filtering is performed on the fetched documentation before processing.
Audit Metadata