mcp-best-practices

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a set of markdown-based documentation files and does not contain executable code, scripts, or instructions that would compromise the agent or the host environment.
  • [SAFE]: The automated detection of sensitive data exfiltration (e.g., using curl to post SSH keys) in references/security-auth.md is a false positive. The content is explicitly labeled as examples of malicious commands in an 'Attack Vectors' section designed to educate developers on securing local MCP servers.
  • [SAFE]: All external links and package references target official project documentation, well-known software repositories (e.g., GitHub, npm), and technical standards (e.g., IETF, RFCs). These are legitimate resources for the skill's intended purpose as a developer guide.
  • [SAFE]: There are no attempts at prompt injection, obfuscation, or privilege escalation. The skill correctly follows industry-standard security recommendations, such as OAuth 2.1 implementation and CSP configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 10:38 AM