webmcp-authentication
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch live technical specifications from 'webmachinelearning.github.io' and perform targeted web searches on 'developer.chrome.com' and 'github.com' to ensure implementation alignment with current standards.
- [COMMAND_EXECUTION]: The skill lists 'Bash' as an allowed tool in its metadata, which is used for implementing and testing the authentication patterns described in the conceptual architecture.
- [PROMPT_INJECTION]: The skill defines a workflow that utilizes 'WebFetch' and 'WebSearch' to ingest external data. While this creates a theoretical surface for indirect prompt injection from third-party content, the instructions mitigate this by focusing on trusted documentation sources and establishing clear security boundaries for tool registration.
- Ingestion points: 'WebFetch' and 'WebSearch' capabilities are utilized to retrieve documentation and search results (SKILL.md).
- Boundary markers: The skill provides a 'Conceptual Architecture' that defines how tools should be conditionally registered based on the user's authentication state.
- Capability inventory: The agent has access to 'Bash', 'Write', 'Edit', 'Grep', and 'Glob' for system interaction.
- Sanitization: The instructions explicitly mandate server-side validation, CSRF protection, and the exclusion of sensitive credentials or tokens from agent-accessible tool parameters.
Audit Metadata