build-mcpb

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • Path Validation and Sanitization: The skill gives detailed instructions and code examples for preventing path traversal when a tool touches the local filesystem. It correctly advises developers to resolve each incoming path and verify that the result stays inside an allowed root before using it.
  • Secure Command Execution: The documentation calls out the command injection risk of shell execution and shows the correct alternative: spawning processes with an argument array rather than a shell command string.
  • Input Security Awareness: The skill recognizes that tool inputs originating from AI interactions must be treated as untrusted data, and gives developers a framework for enforcing their own security boundaries inside tool handlers.
  • Trusted Resource Integration: The build process and schema validation rely on official packages and repositories associated with the Model Context Protocol and the skill author, which are recognized as trusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 04:24 AM