native-mcp
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill describes the execution of local MCP servers as subprocesses using command-line tools like
npx,uvx, or direct binaries defined in the user's configuration file. - [EXTERNAL_DOWNLOADS]: The documentation guides users to install the
mcpPython SDK and use package executors to fetch and run remote MCP server implementations from the Model Context Protocol ecosystem. - [DATA_EXFILTRATION]: The client is designed to transmit authentication tokens (e.g., GitHub Personal Access Tokens, Bearer tokens) to configured MCP servers to enable authenticated tool access. The documentation includes security best practices for explicit environment variable mapping to prevent accidental leakage.
- [PROMPT_INJECTION]: The 'Sampling' capability allows external MCP servers to initiate LLM requests. This introduces a surface for indirect prompt injection where a compromised or malicious server could attempt to influence the agent's behavior. The skill documents mitigation strategies including model whitelisting, token caps, and the ability to disable sampling globally per server.
Audit Metadata