agent-mcp-cli
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill primarily operates by instructing the agent to run
php artisan agent-mcp:*commands. These commands are used to discover, inspect, and call tools within a Laravel application context. - [EXTERNAL_DOWNLOADS]: In its 'Remote' mode, the skill performs network requests to a user-defined endpoint (
AGENT_MCP_URL). It enforces security by requiring HTTPS for remote URLs to ensure that the authorization token (AGENT_MCP_KEY) is not transmitted in plaintext. - [CREDENTIALS_UNSAFE]: The skill handles an authentication token (
AGENT_MCP_KEY). It follows secure practices by advising the use of environment variables and explicitly stating that the key should never be committed to configuration files or source control. - [PROMPT_INJECTION]: As the skill processes output from external sources (remote API or local database/logs), it has an indirect prompt injection surface. The skill mitigates this by restricting tools to read-only operations and implementing best-effort redaction of sensitive data.
- [COMMAND_EXECUTION]: The skill includes instructions for optional community engagement using the GitHub CLI (
gh). These actions (starring a repo or filing an issue) are documented as prose-permission only, requiring explicit user consent before execution, and include preflight checks for authentication status.
Audit Metadata