MCP Integration
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional and contains no executable code. It promotes industry-standard security practices, including the explicit avoidance of hardcoded credentials and the use of environment variables for token management.
- [EXTERNAL_DOWNLOADS]: Configuration examples reference official hosted MCP servers from well-known technology companies (Asana and GitHub) and official packages from the Model Context Protocol organization (@modelcontextprotocol/server-filesystem). These are legitimate, trusted sources in the context of implementing the protocol.
- [CREDENTIALS_UNSAFE]: The documentation uses safe placeholders such as
${API_TOKEN},${DB_URL}, and${CLIENT_ID}in its examples, providing clear instructions on how users should securely provide their own credentials via their local environment.
Audit Metadata