mpp-server-middleware
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill references a sensitive
secretKey(used for HMAC challenge binding) but follows industry best practices by explicitly instructing the agent to use environment variables (process.env.MPP_SECRET_KEY) and warning against hardcoding credentials. - [EXTERNAL_DOWNLOADS]: The skill fetches documentation and integration patterns from well-known services including NPM (npmjs.com), GitHub, and Stripe (docs.stripe.com). These references are used for configuration and implementation guidance and are treated as safe sources.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by instructing the agent to fetch and process external content from the web (NPM pages, search results, and documentation) while maintaining file-write and shell execution capabilities.
- Ingestion points: External content is ingested via
WebFetch(NPM, Stripe docs) andWebSearch(middleware patterns, official samples) as described in the 'Before writing code' section. - Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate fetched external content from the agent's primary instructions.
- Capability inventory: The skill has access to
Write,Edit, andBashtools, which could potentially be misused if malicious instructions are embedded in the fetched documentation. - Sanitization: There are no explicit instructions to sanitize or validate the content retrieved from external URLs before processing it.
Audit Metadata