webmcp-security
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill content is purely educational and defensive, focusing on hardening implementations against common attack vectors without introducing any malicious code or behavior.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch the WebMCP specification from 'https://webmachinelearning.github.io/webmcp/'. This is a legitimate documentation site for the protocol and is treated as a well-known resource for technical information.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design, as it ingests external data from web searches and specification sites. Evidence Chain: 1. Ingestion points: Data entering the agent via 'WebFetch' and 'WebSearch' (SKILL.md). 2. Boundary markers: Absent from the instructions. 3. Capability inventory: The skill has access to tools including 'Bash', 'Write', 'Edit', and 'Grep'. 4. Sanitization: No sanitization is specified for the external content before processing. Given the intended use-case of fetching official documentation, this is assessed as a standard operational surface rather than a malicious vector.
Audit Metadata