skills/fusengine/codex/mcp-tools/Gen Agent Trust Hub

mcp-tools

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing third-party MCP servers, specifically xcodebuildmcp@latest and @kimsungwhee/apple-docs-mcp, using the npx -y command which bypasses installation confirmation and executes code from the npm registry.
  • [COMMAND_EXECUTION]: The XcodeBuildMCP tool enables the agent to execute shell commands such as xcodebuild for project automation, building, cleaning, and project scaffolding, providing a significant capability for local system modification.
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to override default agent behavior by mandating specific tool prioritization (e.g., "PRIORITY over Context7") and defining strict autonomous workflows ("MANDATORY validation").
  • [DATA_EXFILTRATION]: Provides an indirect prompt injection surface through the ingestion of external data which could influence agent actions.
  • Ingestion points: Documentation search, WWDC transcripts, and sample code via the apple-docs tool.
  • Boundary markers: No explicit delimiters or instructions are present to prevent the agent from following directives embedded in retrieved documentation.
  • Capability inventory: Includes project building, file creation, and inspection of potentially sensitive build settings.
  • Sanitization: No sanitization or validation of the external documentation or code samples is performed before processing.
  • [NO_CODE]: The skill is informational and configuration-based, containing no local scripts or binaries; all operations are performed via external tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:56 PM
Security Audit — agent-trust-hub — mcp-tools