mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches official protocol specifications and SDK documentation from modelcontextprotocol.io and the Model Context Protocol GitHub organization. These are official and trusted sources for the technology integrated by the skill.
- [COMMAND_EXECUTION]: The evaluation harness (scripts/evaluation.py) executes local MCP server processes via the standard I/O transport. This is an intended functionality designed to allow developers to host and test their server implementations locally.
- [PROMPT_INJECTION]: The scripts/evaluation.py script is vulnerable to indirect prompt injection through the processing of test questions from external XML files.
  - Ingestion points: Questions are read from the XML file provided via the eval_file positional argument in scripts/evaluation.py.
  - Boundary markers: None; the question content is directly interpolated into the message history sent to the model.
  - Capability inventory: The script is capable of spawning local subprocesses (the MCP server) and invoking any tool functionality exposed by that server.
  - Sanitization: None; the script does not validate or filter the content of the XML questions before they are processed by the language model.
Audit Metadata