mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs agents to fetch documentation and SDK README files from official sources like modelcontextprotocol.io and the modelcontextprotocol organization on GitHub. These are trusted, well-known sources for the protocol.
- [COMMAND_EXECUTION]: The
evaluation.pyandconnections.pyscripts facilitate the execution of local server processes via standard input/output (stdio). This is a core functional requirement for testing MCP server implementations. - [PROMPT_INJECTION]: The evaluation harness (
scripts/evaluation.py) is susceptible to indirect prompt injection because it parses user-provided XML files and incorporates the question text directly into the agent's prompt. - Ingestion points: The
eval_fileXML loaded inscripts/evaluation.py. - Boundary markers: None; the question text from the XML is passed directly to the LLM as a user message.
- Capability inventory: The evaluation agent is granted access to all tools exposed by the MCP server being evaluated, which could potentially include file system access or network operations.
- Sanitization: There is no validation, escaping, or filtering applied to the content of the questions before they are processed by the LLM.
Audit Metadata