mcp
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as documentation for the official MCP C# SDK and associated NuGet packages. All links and repository references point to official and reputable sources.
- [COMMAND_EXECUTION]: The documentation includes patterns for launching local MCP servers via shell commands (e.g., using npx). These are standard integration examples for the protocol and do not contain malicious payloads.
- [REMOTE_CODE_EXECUTION]: Code examples illustrate connecting to remote servers or running packages from the official @modelcontextprotocol registry. These are intended for development workflows and use trusted namespaces.
- [CREDENTIALS_SAFE]: Authentication examples use safe placeholders like <token> and advise on implementing security at the transport boundary (ASP.NET Core middleware), adhering to secret management best practices.
- [INDIRECT_PROMPT_INJECTION]: While the skill describes an interface for processing external data (MCP tools/resources), it provides mandatory security guidance to mitigate risks:
  - Ingestion points: Arguments passed to tools and resource URI templates defined in references/patterns.md.
  - Boundary markers: Encourages explicit capability negotiation and validation of all incoming parameters.
  - Capability inventory: File system access, network transport (stdio, HTTP), and chat client integration patterns.
  - Sanitization: Explicitly provides code examples for path normalization and validation (fullPath.StartsWith(root)) to prevent path traversal attacks.
Audit Metadata