mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The MCPConnectionStdio class in scripts/connections.py allows for the execution of arbitrary system commands to launch MCP servers. While this is the intended design of the protocol, it provides a powerful capability for subprocess execution.
- [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the anthropic and mcp Python packages. These are provided by trusted organizations, so the download finding is downgraded to LOW per the [TRUST-SCOPE-RULE].
- [DATA_EXFILTRATION] (LOW): The MCPConnectionSSE and MCPConnectionHTTP classes facilitate network requests to external URLs, which could be exploited for data exfiltration if the agent interacts with malicious endpoints.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from external MCP tools without explicit sanitization or instruction boundaries. 1. Ingestion points: Remote tool outputs in scripts/connections.py. 2. Boundary markers: Absent. 3. Capability inventory: Local command execution and network requests. 4. Sanitization: Absent; tool results are returned directly to the model context.
Audit Metadata