skills/wyattowalsh/agents/mcp-creator/Gen Agent Trust Hub

mcp-creator

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill features a robust security reference (references/auth-and-security.md) that educates users and agents on preventing SSRF, validating input, and managing secrets via environment variables.
  • [EXTERNAL_DOWNLOADS]: Retrieves live framework documentation from https://gofastmcp.com/llms-full.txt to align implementation with the most recent API specifications.
  • [COMMAND_EXECUTION]: Utilizes the wagents CLI for project initialization and the uv package manager for dependency management and local server validation.
  • [PROMPT_INJECTION]: Implements a workflow for fetching external documentation, which introduces an indirect prompt injection surface.
      • Ingestion points: SKILL.md (Consult Live Documentation section).
      • Boundary markers: Absent.
      • Capability inventory: File system creation (wagents new), command execution (uv run).
      • Sanitization: Absent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 11:13 PM