mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The MCPConnectionStdio class in scripts/connections.py allows for the execution of local system commands. This is the intended primary purpose of the skill to facilitate MCP server communication but represents a capability that could be abused if command strings are influenced by untrusted input.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data from XML files and tool outputs, creating an attack surface for indirect prompt injection. 1. Ingestion points: scripts/example_evaluation.xml and the call_tool method in scripts/connections.py. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution via stdio_client and network requests via sse_client/streamablehttp_client. 4. Sanitization: Absent in the provided implementation.
Audit Metadata