netlify-mcp-servers
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions or code snippets. The skill is authored by the platform vendor (Netlify) and uses appropriate security primitives.
- [EXTERNAL_DOWNLOADS]: Recommends the use of official and well-known libraries:
@modelcontextprotocol/sdk(the official SDK for the Model Context Protocol) andzod(a industry-standard schema validation library). - [COMMAND_EXECUTION]: Instructs the user to use standard development and deployment tools including the Netlify CLI (
netlify dev,netlify deploy) andopensslfor local secret generation. - [DATA_EXFILTRATION]: Demonstrates secure handling of authentication tokens. It uses the
node:cryptomodule'stimingSafeEqualfunction to mitigate timing attacks and emphasizes storing sensitive tokens in Netlify's encrypted environment variables rather than hardcoding them. - [PROMPT_INJECTION]: Addresses potential indirect prompt injection vulnerabilities by recommending
zodfor strict input validation and providing guidance on using tool descriptions to enforce human-in-the-loop confirmation for sensitive actions. - Ingestion points: Tool handlers in
SKILL.md(e.g.,get_item) receive input arguments directly from the AI client's request. - Boundary markers: The skill advises using tool descriptions to set behavioral boundaries for the AI agent, such as requiring explicit user confirmation before executing a tool.
- Capability inventory: The code provides a framework for creating serverless tools that can execute arbitrary logic (e.g., database reads in
getItem) within the Netlify Functions environment. - Sanitization: Implements
zodschema validation for all tool inputs to ensure only expected data types and structures are processed.
Audit Metadata