mcp-architecture

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No prompt injection or behavior override instructions were found. The skill is strictly informational and educational.
  • [DATA_EXFILTRATION]: No sensitive file access or unauthorized network operations were detected. The skill uses appropriate placeholders for credentials (e.g., 'your-token') in its configuration examples.
  • [EXTERNAL_DOWNLOADS]: The skill references installation commands for official MCP servers and SDKs from well-known registries (npm, PyPI) and organizations (Anthropic/modelcontextprotocol). These are documented as standard developer tools and follow safe practices.
  • [COMMAND_EXECUTION]: While the skill contains example commands for installing and running servers (e.g., npx, pip, docker), these are provided in an educational context as part of documentation and are not executed automatically or for malicious purposes.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote script execution (like piping curl to bash) or dynamic code execution from untrusted sources were identified.
  • [OBFUSCATION]: The content is entirely in plain text with no hidden characters, encoding, or obfuscated logic.
  • [INDIRECT_PROMPT_INJECTION]: The skill explicitly includes a section on security best practices, advising developers to perform input validation and sanitization to prevent injection attacks in their own MCP implementations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 02:56 AM
Security Audit — agent-trust-hub — mcp-architecture