create-mcp-integration

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it accepts unvalidated user input (names, descriptions) and interpolates it directly into agent-executable template files.
  • Ingestion points: Interactive requirement gathering in SKILL.md and templates in the templates/ directory (e.g., SKILL.md.jinja, agent.md.jinja).
  • Boundary markers: Absent. User input is placed directly into YAML frontmatter and Markdown bodies without delimiters or "ignore embedded instructions" warnings.
  • Capability inventory: The skill uses the Bash and Write tools to generate new skills and to modify the claude.json configuration.
  • Sanitization: No input sanitization or validation logic is defined in the instructions to filter malicious instructions from user-provided strings before file generation.
  • [COMMAND_EXECUTION]: The skill prompts the user for a command or executable path to run the MCP server and writes this directly into the mcpServers configuration in claude.json. While this is the primary purpose of the skill, it creates a surface for command injection if a malicious shell command is provided by the user.
Audit Metadata
Risk Level: SAFE
Analyzed: May 24, 2026, 08:27 AM
Security Audit — agent-trust-hub — create-mcp-integration