mcp-management

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages and executes external MCP servers as subprocesses using the @modelcontextprotocol/sdk. This involves spawning processes with commands and arguments defined in the local .claude/.mcp.json configuration file.
  • [EXTERNAL_DOWNLOADS]: Documentation instructs the user to install and run various official MCP server packages from the npm registry using npx, which involves fetching and executing remote code.
  • [PROMPT_INJECTION]: The skill acts as an intermediary for user input and external tool data, creating an indirect prompt injection surface.
    1. Ingestion points: User prompts piped to the gemini CLI and data returned from MCP tool calls.
    2. Boundary markers: The skill mentions using a GEMINI.md file to enforce a structured JSON response format.
    3. Capability inventory: Execution of local binaries/scripts and shell commands via the gemini CLI.
    4. Sanitization: Relies on LLM adherence to structured output instructions to format responses.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:25 AM