webmcp-polyfill

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to identify and install the "mcp-b" package from the npm registry and GitHub. This package is a vendor-provided resource for implementing WebMCP functionality.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface because it processes untrusted data from the web.
  • Ingestion points: The agent is instructed to use "WebSearch" and "WebFetch" to gather documentation and package names from GitHub and npm (SKILL.md).
  • Boundary markers: Absent. There are no instructions or delimiters provided to prevent the agent from following instructions found within the retrieved external documents.
  • Capability inventory: The agent possesses the "Bash", "Write", and "Edit" tools, which could be exploited to execute code or modify the environment if malicious instructions are encountered in the external content.
  • Sanitization: No sanitization or verification steps are included to validate the content of the fetched READMEs or API docs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — webmcp-polyfill