mcp-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill provides comprehensive defensive patterns to detect and sanitize prompt injection attacks in tool descriptions (Category 1). It includes regex-based detection for instruction overrides, role hijacking, and context wiping.
  • Data Exposure & Exfiltration (SAFE): Includes patterns for redacting sensitive information like API keys, passwords, and bearer tokens from tool responses (Category 2). It also provides logic to block access to sensitive file paths (~/.ssh, .env).
  • Obfuscation (SAFE): Teaches the agent to normalize encodings (HTML, URL, Hex, Homoglyphs) to reveal hidden injection attacks (Category 3). The skill itself contains no malicious obfuscation.
  • Authentication & Authorization (SAFE): Implements OAuth 2.1 patterns using PKCE (S256) and RFC 8707 resource indicators to prevent 'confused deputy' attacks and token leakage.
  • Security Hardening (SAFE): Promotes a zero-trust model for MCP tools, including hash-based integrity verification (rug-pull detection), capability enforcement (least privilege), and secure session management using high-entropy tokens.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 12:51 PM