mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The MCPConnectionStdio class in scripts/connections.py uses the stdio_client to execute arbitrary system commands. This represents a critical capability that allows for unauthorized command execution if the command or its arguments are derived from untrusted user prompts.
  • REMOTE_CODE_EXECUTION (HIGH): The skill functions as a Category 8 Indirect Prompt Injection surface. Ingestion points: list_tools and call_tool methods in scripts/connections.py. Boundary markers: None. Capability inventory: Includes both subprocess execution (stdio_client) and network access (sse_client, streamablehttp_client). Sanitization: None. A malicious external MCP server could return tool definitions or results that manipulate the agent into performing unauthorized actions on the host system.
  • DATA_EXFILTRATION (MEDIUM): The MCPConnectionSSE and MCPConnectionHTTP classes allow connections to arbitrary URLs without validation. This could be used by an attacker to facilitate Server-Side Request Forgery (SSRF) or to exfiltrate sensitive data from the agent's environment to an external endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:22 AM