mcp-developer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical reference for building MCP integrations. The provided code templates for TypeScript and Python correctly incorporate security best practices, such as input validation using Zod or Pydantic.
- [SAFE]: Resource implementation examples (e.g., in references/resources.md) specifically include safeguards against common vulnerabilities, such as path traversal checks (is_safe_path) for file system access and regex validation for database table names to prevent SQL injection.
- [SAFE]: The constraints section in SKILL.md explicitly forbids dangerous practices like hardcoding credentials or skipping input validation.
- [SAFE]: All referenced tools and packages (e.g., @modelcontextprotocol/sdk, mcp, zod, pydantic) are official or industry-standard libraries for the stated purpose of the skill.
Audit Metadata