audit-agentic-mcp
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a knowledge base and auditing toolkit. It includes extensive documentation on security best practices and mitigating common vulnerabilities.
- [PROMPT_INJECTION]: References to patterns like 'Ignore previous instructions' in security.md and threat-catalog.md were evaluated and confirmed to be descriptive examples of threats used for developer education, not active attempts to manipulate the agent.
- [COMMAND_EXECUTION]: The skill includes bash utility scripts (audit-mcp-server.sh and measure-context-budget.sh) designed to scan local directories for MCP-related code patterns. These scripts use read-only tools like grep and rg to provide diagnostics and do not perform any destructive operations or execute untrusted remote code.
- [DATA_EXFILTRATION]: No unauthorized network activity or credential harvesting patterns were found. The skill operates locally on the provided codebase and guides the agent in identifying potential data exposure risks in other servers.
Audit Metadata