mcp-builder

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and reference materials from official Model Context Protocol websites and GitHub repositories. This includes the protocol specification, architecture overviews, and SDK README files from the project's official sources.
  • [PROMPT_INJECTION]: The skill involves ingesting content from external documentation URLs, which constitutes a surface for indirect prompt injection.
    • Ingestion points: Documentation fetch instructions in SKILL.md targeting official protocol and SDK documentation.
    • Boundary markers: The instructions do not specify explicit delimiters or 'ignore' instructions for the fetched content.
    • Capability inventory: The skill's functionality is limited to information gathering and providing architectural guidance; it does not execute scripts or perform dangerous file operations.
    • Sanitization: There is no evidence of sanitization of the external documentation content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 03:50 PM