mcporter
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
mcporterCLI's--stdioflag to execute shell commands for starting local MCP servers. - [DATA_EXFILTRATION]: The tool can make network requests to remote MCP endpoints and manages sensitive authentication tokens through its configuration and authentication commands.
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the
mcporterpackage from the Node.js package registry. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection vulnerabilities due to its reliance on data from external MCP servers.
- Ingestion points: Data retrieved from remote or local MCP servers via the
mcporter callcommand. - Boundary markers: No explicit delimiters or instructions to disregard embedded commands are present in the skill content.
- Capability inventory: The CLI tool can execute shell commands and perform network operations.
- Sanitization: There is no evidence of sanitization or validation of the data received from external tools.
Audit Metadata