mcp-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference guide for developers building MCP servers. It contains educational content, architectural patterns, and code snippets following industry best practices.
- [SAFE]: The security section proactively identifies and provides mitigations for common AI agent vulnerabilities, such as command injection (citing CVE-2025-53967), tool poisoning, and supply chain risks.
- [SAFE]: All code examples demonstrate secure usage of the Model Context Protocol SDK, specifically recommending per-request server instances to prevent cross-client data leakage (referencing GHSA-345p-7cg4-v4c7).
- [SAFE]: The dependencies referenced are official packages from the Model Context Protocol organization and well-known web frameworks such as Hono and Express.
- [SAFE]: The skill correctly identifies and warns against dangerous practices such as interpolating user input into shell commands or using shared server instances in stateless environments.
Audit Metadata