mcp2web
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface found. The skill demonstrates a protocol where data received from tool inputs is interpolated directly into HTML resources served to an Electron browser.
- Ingestion points: Tool arguments in src/server.ts across all examples (e.g., 'name', 'email', 'title', 'description').
- Boundary markers: Input validation via Zod is used for data types, but the templates lack HTML boundary markers or explicit escaping for user-provided strings.
- Capability inventory: The provided code examples are limited to in-memory storage and do not demonstrate access to dangerous system APIs, the filesystem, or external network resources.
- Sanitization: No HTML sanitization or escaping is implemented in the template functions within src/pages.ts, creating a surface for indirect instructions to be rendered.