mcp-sentinel
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions contain strings such as 'ignore safety guidelines' and 'disable security settings'. These are used exclusively as detection signatures for auditing other skills and do not represent attempts to bypass the agent's own safety protocols.
- [COMMAND_EXECUTION]: The agent utilizes the Bash tool to perform legitimate file discovery and system inventory tasks related to identifying installed skills and MCP servers.
- [DATA_EXFILTRATION]: The skill accesses local project and user configuration files to build a security inventory. This data is used for local analysis and comparison against public threat databases.
- [PROMPT_INJECTION]: The skill processes untrusted content from the web and other skills, creating a potential surface for indirect prompt injection. This is an inherent risk of security auditing tools processing external data.
  - Ingestion points: Content from analyzed SKILL.md files and web search results from community sources.
  - Boundary markers: Absent.
  - Capability inventory: Bash, Write, and WebSearch tools.
  - Sanitization: Absent.
Audit Metadata