mpp-server-middleware

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill references a sensitive secretKey (used for HMAC challenge binding) but follows industry best practices by explicitly instructing the agent to use environment variables (process.env.MPP_SECRET_KEY) and warning against hardcoding credentials.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and integration patterns from well-known services including NPM (npmjs.com), GitHub, and Stripe (docs.stripe.com). These references are used for configuration and implementation guidance and are treated as safe sources.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by instructing the agent to fetch and process external content from the web (NPM pages, search results, and documentation) while maintaining file-write and shell execution capabilities.
  • Ingestion points: External content is ingested via WebFetch (NPM, Stripe docs) and WebSearch (middleware patterns, official samples) as described in the 'Before writing code' section.
  • Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate fetched external content from the agent's primary instructions.
  • Capability inventory: The skill has access to Write, Edit, and Bash tools, which could potentially be misused if malicious instructions are embedded in the fetched documentation.
  • Sanitization: There are no explicit instructions to sanitize or validate the content retrieved from external URLs before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:50 PM
Security Audit — agent-trust-hub — mpp-server-middleware