build-mcp-server

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Model Context Protocol (MCP) SDKs and tooling with standard package managers (npm, pip, uv). The packages are the official, widely used SDKs associated with the protocol; pinning versions and reviewing the resulting lockfile remain the integrator's responsibility.
  • [COMMAND_EXECUTION]: Includes setup commands that scaffold a project via npx and templates for editing the Claude Desktop configuration so the client launches a local MCP server. Both are standard steps for integrating a local server with an AI client; note that a server registered this way runs with the privileges of the user account that runs the client.
  • [PROMPT_INJECTION]: The skill shows how to build prompt templates that interpolate external data. Any content a tool returns from an external source can carry instructions the model may act on, so this is an indirect prompt injection surface. The documentation addresses it proactively with a dedicated security section that recommends strict input validation and sanitization.
  • [DATA_EXFILTRATION]: Contains code examples for tools that access the file system and databases. The skill mitigates abuse with explicit safety rules: normalize the requested path (including resolving symlinks) before checking it against an allowlist of permitted roots, and open data resources read-only.
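The following is an added example, not code from the audited skill, showing one way to implement the path rules named in the DATA_EXFILTRATION finding for a file-reading tool: the requested path is normalized and symlink-resolved, checked against an allowlist of root directories before any file is opened, and then opened read-only with a size cap. The names `resolve_within`, `read_text_file`, `PathNotAllowed` and the `demo` sandbox are assumptions for illustration; the sandbox files it creates are constructed test data.

```python
"""Path confinement for an MCP file-reading tool (added example, not the
audited skill's own code). Function and class names are illustrative."""
import os
import shutil
import tempfile
from pathlib import Path


class PathNotAllowed(ValueError):
    """Raised when a requested path fails validation or leaves the allowlist."""


def resolve_within(requested: str, allowed_roots) -> Path:
    """Normalize `requested` and return it only if it lies under an allowed root.

    Resolution follows symlinks and collapses '..', so a link inside the root
    that points outside it is rejected. strict=False is used deliberately:
    the allowlist check happens before any existence check, so a caller
    cannot probe for files outside the root by watching for 'not found'.
    """
    if "\x00" in requested:  # NUL would truncate the path in C-level APIs
        raise PathNotAllowed("NUL byte in path")
    roots = [Path(r).resolve() for r in allowed_roots]
    p = Path(requested)
    if not p.is_absolute():
        # Relative paths are anchored to the first root, never to the CWD
        p = roots[0] / p
    real = p.resolve(strict=False)
    for root in roots:
        try:
            real.relative_to(root)  # raises ValueError if not under root
            return real
        except ValueError:
            continue
    raise PathNotAllowed(f"{requested!r} resolves outside the allowed roots")


def read_text_file(requested: str, allowed_roots, max_bytes: int = 64 * 1024) -> str:
    """Read a regular file under an allowed root, read-only, with a size limit."""
    real = resolve_within(requested, allowed_roots)
    if not real.is_file():
        raise PathNotAllowed("not a regular file")
    # O_NOFOLLOW narrows the window in which the final component could be
    # swapped for a symlink between resolve() and open(); O_RDONLY enforces
    # the read-only rule at the descriptor level.
    fd = os.open(real, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "rb") as f:
        data = f.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise PathNotAllowed("file exceeds size limit")
    return data.decode("utf-8", errors="replace")


def demo() -> dict:
    """Build a constructed sandbox, exercise the check, and return the outcomes."""
    base = Path(tempfile.mkdtemp())
    root = base / "data"
    root.mkdir()
    (root / "notes.txt").write_text("hello")          # inside the root
    secret = base / "secret.txt"
    secret.write_text("top secret")                   # outside the root
    try:
        (root / "escape").symlink_to(secret)          # link pointing outside
    except OSError:
        pass  # platforms without symlink support: 'escape' simply won't exist
    attempts = {
        "traversal": "../secret.txt",
        "absolute": str(secret),
        "symlink": "escape",
    }
    results = {"inside": read_text_file("notes.txt", [root])}
    for name, req in attempts.items():
        try:
            read_text_file(req, [root])
            results[name] = "allowed"
        except PathNotAllowed:
            results[name] = "blocked"
    shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(demo())
```

The order of operations is the point: normalize, then allowlist, then open. Checking the allowlist on the raw string (for example, rejecting paths that contain `..`) misses symlinks and absolute paths, and opening before checking turns a validation bug into a read.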
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 11:00 AM