agent-mcp-cli

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill primarily operates by instructing the agent to run php artisan agent-mcp:* commands. These commands are used to discover, inspect, and call tools within a Laravel application context.
  • [EXTERNAL_DOWNLOADS]: In its 'Remote' mode, the skill performs network requests to a user-defined endpoint (AGENT_MCP_URL). It enforces security by requiring HTTPS for remote URLs to ensure that the authorization token (AGENT_MCP_KEY) is not transmitted in plaintext.
  • [CREDENTIALS_UNSAFE]: The skill handles an authentication token (AGENT_MCP_KEY). It follows secure practices by advising the use of environment variables and explicitly stating that the key should never be committed to configuration files or source control.
  • [PROMPT_INJECTION]: As the skill processes output from external sources (remote API or local database/logs), it has an indirect prompt injection surface. The skill mitigates this by restricting tools to read-only operations and implementing best-effort redaction of sensitive data.
  • [COMMAND_EXECUTION]: The skill includes instructions for optional community engagement using the GitHub CLI (gh). These actions (starring a repo or filing an issue) are documented as prose-permission only, requiring explicit user consent before execution, and include preflight checks for authentication status.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 03:06 AM
Security Audit — agent-trust-hub — agent-mcp-cli