mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches README files and protocol specifications from official, well-known sources, including the
modelcontextprotocolGitHub organization and its official documentation site. These resources are used to provide the agent with the latest protocol standards and SDK usage patterns. - [COMMAND_EXECUTION]: The
scripts/evaluation.pyandscripts/connections.pyfiles provide functionality to execute local commands for starting MCP servers when using thestdiotransport. This execution is an intended core feature triggered by specific user-provided arguments for the purpose of automated testing. - [PROMPT_INJECTION]: The evaluation loop in
scripts/evaluation.pyprocesses untrusted data from user-provided XML files and MCP tool outputs. While this constitutes an indirect prompt injection surface, the skill mitigates risk through the following measures: - Ingestion points: Evaluation questions are parsed from XML via
parse_evaluation_file; tool outputs are received through the MCP connection in theagent_loopfunction. - Boundary markers: The
EVALUATION_PROMPTenforces a strict output format using XML tags (<summary>,<feedback>,<response>) to separate the model's internal processing from its final output. - Capability inventory: The script can execute local subprocesses (to launch servers) and make network requests to the Anthropic API and external MCP endpoints.
- Sanitization: All tool outputs are stringified or JSON-encoded before being incorporated into the prompt history to prevent structure-based confusion.
Audit Metadata