webmcp-context-provider
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is purely instructional and focuses on implementing proposed web standards.
- [EXTERNAL_DOWNLOADS]: Fetches technical specifications from the official GitHub Pages repository of the Web Machine Learning Working Group (webmachinelearning.github.io).
- [DATA_EXFILTRATION]: Includes explicit security-conscious advice to exclude sensitive user information (such as email or physical addresses) from the context metadata shared with agents.
- [PROMPT_INJECTION]: The skill documents the injection of page-level metadata into the agent context, which is an inherent surface for indirect prompt injection. However, it provides mitigation strategies by recommending that metadata remain lightweight and focused on non-sensitive state information.
Audit Metadata