storybook-mcp-integration
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes component documentation and story source code which could potentially contain malicious instructions.
- Ingestion points:
list-all-documentation,get-documentation, andWebFetch(used for fallback component search). - Boundary markers: No specific delimiters are specified to isolate external documentation from agent instructions.
- Capability inventory: Includes file writing, editing, and test execution (
run-story-tests). - Sanitization: No explicit validation or filtering of the fetched component documentation is mentioned.
- [DATA_EXFILTRATION]: Facilitates access to project component metadata and source code through the Storybook MCP server to aid development and discovery.
- [EXTERNAL_DOWNLOADS]: The documentation includes setup instructions for installing Storybook and its official addons from well-known registries via standard package managers.
Audit Metadata