build-mcp-sdk-v2
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a development guide for the Model Context Protocol (MCP) v2 SDK. It correctly identifies and promotes the use of official, split-package libraries such as `@modelcontextprotocol/server`, `@modelcontextprotocol/client`, and `@modelcontextprotocol/core`.
- [SAFE]: Implementation examples demonstrate security-conscious patterns, including the use of environment variables for sensitive credentials (API keys, tokens) and the application of DNS rebinding protection through official framework adapters for Express and Hono.
- [SAFE]: Tool definitions use Zod v4 for strict input and output schema validation, which helps mitigate potential injection and data integrity issues when processing external data.
- [SAFE]: No instances of prompt injection, data exfiltration, obfuscation, or unauthorized command execution were found. All development commands (e.g., `npm install`, `npx @anthropic-ai/mcp-inspector`) are standard and appropriate for the skill's documented purpose.
Audit Metadata