webmcp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by combining high-privilege tool access with external data ingestion.
- Ingestion points: Untrusted data is ingested via the WebFetch and WebSearch tools as described in the agent testing workflows (SKILL.md).
- Boundary markers: The skill does not implement or recommend delimiters or instructions to the agent to disregard commands embedded in the fetched external content.
- Capability inventory: The skill permits the use of powerful tools including Bash, Write, and Edit, which could be exploited if the agent is manipulated (SKILL.md).
- Sanitization: There is no evidence of sanitization or validation logic for data retrieved from external tools before it is processed by the AI agent.
Audit Metadata