Inject, parse, and strip [N] citation markers in RAG outputs.
- recent driftinferred+20
- tool safetyinferred+12
- trust mitigatorsmixed−8
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 10m ago · see ecosystem CVEs →
- B · 16 → B · 24
- B · 28 → B · 16
No known CVEs for this server.
- highhidden prompt content
1 file(s) with hidden prompt content: MukundaKatta-mcp-stack-6fad5bb/packages/csv-tools-mcp/README.md (hidden-unicode): "LLMs ask for "the CSV parsed" and silently miss edge cases…
analyzed commit 6fad5bb · analyzer v17 · 3d ago
skills & prompt files 1
- ⚠ hidden: readme: hidden-unicodeMukundaKatta-mcp-stack-6fad5bb/packages/csv-tools-mcp/README.md:11
LLMs ask for "the CSV parsed" and silently miss edge cases: a comma inside a quoted field, an escaped quote, a BOM that turns the first column header into `‹U+FEFF›name`. Routing through this MCP serv
- recent drift+20 capability drift →
[](https://mcpobservatory.com/servers/github:MukundaKatta/mcp-stack/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of MukundaKatta.