mcp-app-dev-setup

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill clones a repository from the official Elastic GitHub organization ('https://github.com/elastic/forge.git'). This is a trusted source consistent with the skill's authorship.
  • [COMMAND_EXECUTION]: The skill uses standard development tools including 'git', 'pip', 'npm', and 'python3'. These commands are used as intended for environment setup, dependency installation, and smoke testing.
  • [CREDENTIALS_UNSAFE]: While the skill interacts with sensitive credentials (Elasticsearch and Kibana API keys), it follows security best practices by reading them from a '.env' file and explicitly instructing the agent never to check these files into version control. It also directs users to fetch credentials from a secure internal source (1Password).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 11:18 AM
Security Audit — agent-trust-hub — mcp-app-dev-setup