build-mcp-app

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • Interactive Messaging Surface: The skill explains how to use the @modelcontextprotocol/ext-apps SDK to build UI components that can communicate with the agent host.
  • Functional Overview: Widgets use the App class to receive data via ontoolresult and can influence the conversation using app.sendMessage or app.updateModelContext. This is the intended architecture for interactive MCP resources.
  • Security Controls: The documentation includes extensive references to security constraints, specifically detailing how the host environment uses the HTML sandbox attribute and a restrictive Content-Security-Policy (CSP) to isolate the widgets.
  • Secure Implementation Patterns: The provided templates and reference files guide developers on handling outbound links through app.openLink and managing external images via server-side data URL inlining to comply with security restrictions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 11:10 AM