mpp-setup
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches live documentation and API specifications from npmjs.com, docs.stripe.com, and mpp.dev. These references are used to ensure the generated project structure and SDK usage are compatible with the latest versions.
- [COMMAND_EXECUTION]: Uses standard package management commands (npm install, pip install) to add required SDKs to the project. It also suggests using openssl to generate cryptographic keys for HMAC challenge binding, which is a standard security practice.
- [CREDENTIALS_UNSAFE]: Appropriately identifies sensitive configuration requirements, such as Stripe secret keys and protocol secret keys, and explicitly instructs the agent to externalize these into environment variables or .env files rather than hardcoding them into the source code.
Audit Metadata