build-mcp-use-agent

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Finding tags: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documents the construction of AI agents that ingest data from external MCP (Model Context Protocol) servers, creating a surface for indirect prompt injection.
  • Ingestion points: Agents can ingest data from the local filesystem (references/examples/agent-recipes.md), scraped web content (references/guides/server-manager.md), and search results (references/examples/integration-recipes.md).
  • Boundary markers: The guide recommends Zod schemas for structured output (references/guides/structured-output.md) to harden the agent-application interface, but in the standard text flow raw tool output reaches the LLM without explicit boundary markers separating it from instructions.
  • Capability inventory: The documented agents possess significant capabilities including file read/write access, shell command execution (via server configurations), and the ability to dynamically add new MCP servers with arbitrary execution logic at runtime (add_mcp_server_from_config tool in references/guides/server-manager.md).
  • Sanitization: The skill relies on the underlying LLM's safety filters and user-defined Zod schemas for validation; there is no automated sanitization of external content before it enters the agent's context beyond what is provided by the LangChain/mcp-use frameworks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 03:49 PM