
mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/connections.py facilitates running local processes via the stdio transport. Evidence: MCPConnectionStdio uses mcp.client.stdio.stdio_client to launch binaries defined by command parameters. Context: This is a core requirement for testing local MCP servers, but it allows the agent to spawn arbitrary subprocesses.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Phase 3.2 of SKILL.md recommends using npx @modelcontextprotocol/inspector for testing. Evidence: npx downloads and executes code from the npm registry at runtime. Context: This executes unverified remote code from a registry outside of the provided trusted organization list.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to fetch documentation from external URLs, creating a surface for indirect prompt injection. Evidence Chain: Ingestion points: SKILL.md (Phase 1.2, 1.3) links to modelcontextprotocol.io and GitHub; Boundary markers: Absent; Capability inventory: scripts/connections.py provides command execution; Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:11 PM