mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The MCPConnectionStdio class in scripts/connections.py utilizes the mcp.client.stdio.stdio_client function to execute local system commands.
      ◦ Evidence: The _create_context method passes self.command, self.args, and self.env directly to the StdioServerParameters constructor.
      ◦ Risk: If an agent receives instructions (via prompt injection or malicious data) to create a connection with a malicious command (e.g., rm -rf / or a reverse shell), the skill will execute it with the privileges of the agent process.
  • [DATA_EXFILTRATION] (MEDIUM): The MCPConnectionSSE and MCPConnectionHTTP classes allow the agent to initiate outbound network requests to arbitrary URLs.
      ◦ Evidence: The classes take a url and headers dictionary and pass them to sse_client or streamablehttp_client respectively.
      ◦ Risk: These methods could be used to send sensitive local data or environment variables (found in the agent's context) to an attacker-controlled endpoint by embedding data in the URL path, query parameters, or request headers.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): While not direct remote code execution in the traditional sense, the ability to connect to an untrusted MCP server via SSE or HTTP means the agent will then interact with tools defined by that remote server.
      ◦ Risk: A malicious remote MCP server can return tool definitions or outputs designed to exploit the agent's reasoning or trick it into performing dangerous actions on the local host.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:58 PM