mcporter
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The skill package contains no executable scripts, binaries, or source code files. It consists solely of instructional documentation and a metadata JSON file.
- [COMMAND_EXECUTION]: The instructions enable the agent to execute the
mcporterCLI tool to perform operations such as server listing, tool calling, and configuration management. This includes the ability to launch local servers via stdio, as shown in the provided examples. - [PROMPT_INJECTION]: Vulnerability Surface (Indirect): The skill instructions describe a workflow that ingests data from external MCP servers which could potentially contain malicious content aimed at influencing the agent's behavior.
- Ingestion points: Data retrieved through the
mcporter callcommand (e.g., inSKILL.md). - Boundary markers: No specific boundary markers or "ignore instructions" warnings are defined in the prompt templates.
- Capability inventory: The agent has the capability to execute CLI commands and manage local configurations via the
mcportertool. - Sanitization: No explicit sanitization or validation of the content returned from MCP servers is mentioned.
Audit Metadata