mcp
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/connections.py facilitates the execution of arbitrary shell commands to initialize MCP servers using the stdio transport method. This is a functional requirement for local server testing but represents a powerful capability.
- [PROMPT_INJECTION]: The scripts/evaluation.py script is vulnerable to indirect prompt injection (Category 8). It reads untrusted questions from an XML file and provides them to the agent without sanitization or boundary markers. This allows a crafted evaluation file to potentially manipulate the agent's behavior during the testing phase. Evidence:
  1. Ingestion point: the parse_evaluation_file function in scripts/evaluation.py reads data from the user-provided XML file.
  2. Boundary markers: absent. The question text is directly inserted into the agent's message context.
  3. Capability inventory: the testing agent has access to all tools exposed by the MCP server under evaluation.
  4. Sanitization: absent. The raw question content is not filtered or escaped.
Audit Metadata