mcp-setup
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of several Node.js packages (`mcp-omnisearch`, `mcp-sqlite-tools`, and `mcpick`). These resources are provided by the skill author and are legitimate tools for the described functionality.
- [COMMAND_EXECUTION]: Provides shell commands for global package installation (`npm install -g`) and instructions to configure the agent to execute tools via `npx`. These are standard procedures for deploying CLI-based MCP servers.
- [PROMPT_INJECTION]: The `mcp-omnisearch` tool introduces a surface for indirect prompt injection by fetching and processing content from the web.
  - Ingestion points: External data from search providers (Tavily, Brave, Kagi, Perplexity) and GitHub is ingested into the agent context via the `mcp-omnisearch` server.
  - Boundary markers: No explicit delimiters or boundary instructions are included in the configuration to isolate the untrusted search data.
  - Capability inventory: The agent is granted capabilities to perform SQLite operations (including write access) and manage the lifecycle of other MCP servers.
  - Sanitization: No sanitization, validation, or filtering mechanisms for the external search content are specified in the setup instructions.
Audit Metadata