mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The file scripts/connections.py implements the MCPConnectionStdio class, which uses mcp.client.stdio.stdio_client. This allows arbitrary shell commands and arguments to be executed on the local host.
  • Evidence: The create_connection factory function lets an agent specify a stdio transport together with a command, args, and env variables, which are passed directly to a subprocess runner.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill documentation in SKILL.md directs the agent to fetch external content using WebFetch from various URLs (e.g., github.com, modelcontextprotocol.io).
  • Evidence: If an attacker-controlled page (e.g., a malicious documentation site or a compromised repository) supplies instructions that the agent then follows to 'test' or 'initialize' a server over the stdio transport, the result could be execution of arbitrary code.
  • [DATA_EXFILTRATION] (MEDIUM): The MCPConnectionStdio and MCPConnectionHTTP classes accept environment variables (env) and custom headers.
  • Evidence: An agent could be manipulated by external instructions into passing local secrets (such as API keys or environment variables) to an untrusted remote MCP server through the headers or env parameters in connections.py.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:47 PM