developing-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains phrases often associated with prompt injection, such as 'IGNORE ALL PREVIOUS INSTRUCTIONS', within the 'references/SECURITY.md' file. These are used exclusively as educational examples in a section explaining 'Indirect Prompt Injection' threats and their mitigations.
- [SAFE]: Code examples in 'references/BUILDING-CLIENTS.md' and 'references/BUILDING-SERVERS.md' involve network operations and process spawning. These are standard implementation patterns for the Model Context Protocol (MCP) using the TypeScript SDK and are not used for exfiltration or unauthorized access.
- [SAFE]: The skill actively promotes security best practices, including path normalization followed by a check that the result stays inside the permitted root (normalization alone does not prevent traversal), input validation using Zod, and the use of 'spawn' with an argument array instead of 'exec' (which hands the command line to a shell) to prevent command injection.
- [SAFE]: All external dependencies listed (e.g., @modelcontextprotocol/sdk, zod, express) are well-known, legitimate packages relevant to the skill's primary purpose of MCP development.
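The two hardening patterns the audit credits (path containment and `spawn` with an argument array rather than `exec`) in one runnable TypeScript block. This is an added example for this page, not code from the audited skill's reference files. The `ALLOWED_ROOT` directory and the `git log` invocation are hypothetical, chosen only to illustrate the patterns; Zod validation is left out so the block runs on Node's standard library alone.

```typescript
import * as path from "node:path";
import { spawnSync } from "node:child_process";

// Hypothetical root directory the MCP server is permitted to serve (assumption).
export const ALLOWED_ROOT = "/srv/mcp/workspace";

/**
 * Resolve a client-supplied path against `root` and refuse anything that
 * normalizes outside it. path.resolve collapses ".." segments, but it is the
 * containment check afterwards that actually blocks traversal.
 * Returns the absolute path, or null if the request escapes the root.
 */
export function resolveInsideRoot(root: string, requested: string): string | null {
  const p = path.posix; // POSIX semantics so results are the same on every platform
  const rootAbs = p.resolve(root);
  const candidate = p.resolve(rootAbs, requested); // an absolute `requested` replaces root here
  const rel = p.relative(rootAbs, candidate);
  // rel === "" is the root itself. A file literally named "..secret" is legitimate,
  // so test for ".." as a whole leading segment rather than as a string prefix.
  if (rel === ".." || rel.startsWith("../") || p.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

/**
 * VULNERABLE pattern: a shell command line built by string interpolation.
 * Passed to exec(), a file name such as "a.txt; rm -rf /" becomes two commands.
 * Returned as a string here purely to show what the shell would receive.
 */
export function unsafeShellLine(file: string): string {
  return `git log -n 1 -- ${file}`;
}

/**
 * Hardened pattern: program and arguments are separate argv entries, and the
 * client-controlled value is a single argument after "--". With spawn/spawnSync
 * and shell:false no shell parses it, so ';', '|' and '$()' are literal bytes.
 */
export function gitLogInvocation(file: string): { cmd: string; args: string[] } {
  return { cmd: "git", args: ["log", "-n", "1", "--", file] };
}

/** Run a tool with spawnSync and no shell; returns stdout, throws if it cannot start. */
export function runToolSync(cmd: string, args: string[]): string {
  const result = spawnSync(cmd, args, { encoding: "utf8", shell: false });
  if (result.error) {
    throw result.error;
  }
  return result.stdout;
}
```

Running `runToolSync("echo", ["a.txt; rm -rf /"])` prints the whole string as one argument, which is the observable difference from `exec`: the metacharacters never reach a shell. The same containment check should run on every path-taking tool the server exposes, after the Zod schema has confirmed the argument is a non-empty string.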
Audit Metadata