webmcp-security

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains defensive architectural guidance and a security checklist for hardening WebMCP tools.\n- [EXTERNAL_DOWNLOADS]: The skill instructions specify fetching documentation from the official WebMachineLearning GitHub Pages site (webmachinelearning.github.io), which is a trusted source.\n- [PROMPT_INJECTION]: No malicious instruction overrides, role-play injections, or safety bypass attempts were detected in the skill content or metadata.\n- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file path access, or unauthorized network transmission patterns was found.\n- [SAFE]: Ingestion of external documentation via search and fetch tools is conducted for the primary purpose of security auditing. 1. Ingestion points: WebFetch and WebSearch results (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit (SKILL.md). 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — webmcp-security