mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The evaluation harness (scripts/evaluation.py) and connection utility (scripts/connections.py) facilitate the execution of arbitrary local commands through the 'stdio' transport. This capability is intended for running the MCP server under test but could be exploited if provided with malicious arguments.
- [PROMPT_INJECTION]: The evaluation process is vulnerable to indirect prompt injection from the XML files it processes.
  1. Ingestion points: scripts/evaluation.py ingests untrusted questions from an XML evaluation file.
  2. Boundary markers: The EVALUATION_PROMPT defines output tags but lacks markers to encapsulate or neutralize instructions within the input questions.
  3. Capability inventory: The scripts can execute local subprocesses, perform HTTP/SSE network requests, and call the Anthropic API.
  4. Sanitization: No sanitization or validation is applied to the question content before inclusion in the LLM prompt.
- [EXTERNAL_DOWNLOADS]: The skill documentation references fetching configuration and SDKs from the Model Context Protocol official GitHub repositories and website.
Audit Metadata