mcp-expert

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill's 'Onboarding Protocol' directs the agent to download and run new MCP servers via 'uvx', which facilitates the dynamic execution of third-party code from external registries.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on fetching software packages (e.g., 'mcp-server-browser-use') at runtime from public registries without providing a mechanism for source or integrity verification.
  • [COMMAND_EXECUTION] (MEDIUM): The agent is instructed to execute shell commands for server management and configuration, creating a potential vector for command injection if package names or arguments are attacker-controlled.
  • [PROMPT_INJECTION] (LOW): The skill presents a high surface area for Indirect Prompt Injection (Category 8) by combining web-browsing capabilities with tool-management permissions. Evidence: 1. Ingestion point: Web browsing via 'browser-use'. 2. Boundary markers: Absent. 3. Capability inventory: Tool management and uvx command execution. 4. Sanitization: Not specified.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:34 PM