moai-cc-mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface via its documentation retrieval process.
  - Ingestion points: External design patterns and best practices are ingested from the Context7 library using the `mcp__context7__get-library-docs` tool and `WebFetch` to guide the AI-powered code generation.
  - Boundary markers: The skill lacks explicit delimiters or specific system instructions to ignore potentially malicious instructions embedded within the fetched documentation or external data.
  - Capability inventory: The skill is authorized to use the `Bash`, `Write`, and `Edit` tools, and it implements a subprocess execution wrapper in `scripts/connections.py`.
  - Sanitization: No evidence of sanitization or content validation exists for the remote data before it is processed by the LLM to generate or modify server code.
- [COMMAND_EXECUTION]: The skill executes system commands to facilitate the testing and evaluation of MCP servers.
  - Evidence: The `scripts/evaluation.py` and `scripts/connections.py` scripts allow the agent to launch MCP servers via the `stdio` transport, which executes subprocesses using commands and arguments provided via the CLI or agent tools.
- [EXTERNAL_DOWNLOADS]: The skill fetches dynamic content from a remote vendor service.
  - Evidence: The orchestrator is designed to retrieve 'latest MCP patterns' and 'development intelligence' from the Context7 library, which serves as a remote repository for development standards.
Audit Metadata