storybook-mcp-integration
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated generate-test-heal cycle that relies on ingesting external data from the Storybook MCP server to drive file system modifications.
  - Ingestion points: Documentation, component properties, and test results retrieved via `list-all-documentation`, `get-documentation`, and `run-story-tests`.
  - Boundary markers: There are no explicit instructions or delimiters used to ensure the agent ignores potential instructions embedded within the component documentation or test error messages.
  - Capability inventory: The skill leverages `Write` and `Edit` file system tools alongside the ability to execute story tests.
  - Sanitization: No sanitization or validation logic is defined to prevent malicious content in stories or documentation from influencing the agent during the self-healing process.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `@storybook/addon-mcp` and `@storybook/addon-vitest` packages from the NPM registry and references Chromatic for remote Storybook access.
- [COMMAND_EXECUTION]: The documentation includes `npx` commands for upgrading Storybook, adding addons, and registering the MCP server with the agent environment.
Audit Metadata