mcp-use-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of markdown files providing documentation, best practices, and code examples. There are no executable scripts or active components that perform operations on the host system.
- [NO_CODE]: The skill provides no functional code or tool definitions; it is purely informational, designed to educate the agent on the architecture and usage of the mcp-use library.
- [PROMPT_INJECTION]: The instructions were analyzed for malicious patterns, such as bypass commands or role-play jailbreaks. No such content was found. The guidance provided (e.g., '6 AI Derailment Patterns') is focused on improving the quality and safety of the agent's code reviews.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration patterns were detected. Documentation for authentication and session management correctly uses placeholders and best practices for environment variable management.
- [REMOTE_CODE_EXECUTION]: The documentation describes standard MCP functionality where servers can run subprocesses or connect via HTTP/WebSocket. These are explained as legitimate configuration options for the SDK and do not constitute an instruction for the agent to execute unauthorized code.