webmcp-setup

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE

Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install webmcp-react and zod via npm, and to clone the vendor's repository from https://github.com/MCPCat/webmcp-react.git. These are standard dependencies for the library's functionality.
  • [COMMAND_EXECUTION]: The setup process involves running npx webmcp-server to establish a connection between the web application and MCP clients such as Cursor or Claude Code. This executes the vendor's bridge server package.
  • [PROMPT_INJECTION]: The skill facilitates the creation of custom AI tools that ingest external data, creating an indirect prompt injection surface.
  • Ingestion points: The GreetTool in SKILL.md accepts a name parameter from the agent.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used in the tool definition examples.
  • Capability inventory: The example handler performs string interpolation. The broader useMcpTool framework allows for tools with more significant capabilities.
  • Sanitization: The provided boilerplate code does not include input validation or sanitization logic beyond Zod schema validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 05:47 AM
Security Audit — agent-trust-hub — webmcp-setup