webmcp-context-provider

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch documentation and specifications from the Web Machine Learning Community Group's GitHub Pages site (https://webmachinelearning.github.io/webmcp/). This is a well-known technical resource for the API being implemented.
  • [PROMPT_INJECTION]: The skill architecture facilitates providing contextual metadata to an agent, which creates a surface for indirect prompt injection.
  • Ingestion points: Data provided via the metadata object in the navigator.modelContext.provideContext method calls (SKILL.md).
  • Boundary markers: The provided code examples and instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings for the metadata field.
  • Capability inventory: The skill allows access to high-privilege capabilities including Bash, Write, Edit, and WebFetch as defined in the allowed-tools section.
  • Sanitization: No specific sanitization or validation logic is described for the content of the metadata object before it is passed to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — webmcp-context-provider