postman-mcp-server
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the official Postman MCP server package from the public NPM registry (@postman/postman-mcp-server).
- [COMMAND_EXECUTION]: Provides instructions for running the server locally using npx, docker, or via the claude-cli command.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data such as Postman collections and API specifications.
  - Ingestion points: API schemas, Postman collection descriptions, and environment variable values fetched from the Postman API.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are specified.
  - Capability inventory: The skill can execute network requests (send_request), generate code (generate_client_code), and modify environment variables (update_environment).
  - Sanitization: No explicit sanitization or validation logic for external content is described in the documentation.
Audit Metadata