mcp-server-tester

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically download and execute the @mcp-use/inspector package from the npm registry at runtime, which is an external and unverified dependency.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage background processes, capture PIDs, and perform network requests via curl to interact with local and remote services.
  • [CREDENTIALS_UNSAFE]: The skill explicitly prompts users for high-entropy secrets, such as OpenAI and Anthropic API keys, and provides instructions to persist these secrets in a local .env file in plaintext.
  • [PROMPT_INJECTION]: The skill processes untrusted tool schemas and descriptions from external MCP servers, creating a surface for indirect prompt injection that could influence the behavior of the testing LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 07:19 PM