mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill instructs the agent to fetch documentation from official sources (modelcontextprotocol.io and GitHub). These downloads are restricted to documentation (Markdown and XML) and do not involve executable scripts from untrusted sources.
- COMMAND_EXECUTION (SAFE): The provided Python script connections.py contains classes for managing MCP server connections, including local process execution via stdio. This is standard, intended functionality for testing and running MCP servers during development.
- PROMPT_INJECTION (SAFE): The instructions follow a standard educational format for developers and do not contain any attempt to bypass safety filters or override agent behavior.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets or API keys were found in the scripts or documentation.
Audit Metadata