ydc-crewai-mcp-integration

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill explicitly recognizes a vulnerability surface for indirect prompt injection from processing arbitrary web content.
  • Ingestion points: Untrusted web data enters the agent context through the results of the you-search and you-contents tools as documented in SKILL.md.
  • Boundary markers: The author provides a specific 'trust boundary' statement to be added to agent backstories to ensure the model treats tool outputs as data only.
  • Capability inventory: The integration enables agents to call remote search and content extraction tools via MCPServerHTTP and MCPServerAdapter.
  • Sanitization: No programmatic sanitization of the scraped content is performed; mitigation relies on the documented prompt engineering practices.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the official You.com MCP endpoint at https://api.you.com/mcp and uses standard package managers to install well-known libraries such as crewai and mcp.
  • [COMMAND_EXECUTION]: The skill requests permission to use Bash for routine environment setup and dependency installation using pip and uv.
  • [CREDENTIALS_UNSAFE]: The skill correctly handles authentication by requiring the YDC_API_KEY to be provided as an environment variable and explicitly cautions against hardcoding secrets in source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 05:08 AM