mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/connections.py and scripts/evaluation.py files enable the execution of local MCP servers. When using the stdio transport, the harness launches user-specified commands (e.g., python server.py) as subprocesses. This is the standard mechanism for interacting with local MCP servers during development.
  • [EXTERNAL_DOWNLOADS]: The documentation within SKILL.md and reference files points to official Model Context Protocol resources on modelcontextprotocol.io and GitHub. These are used to fetch the latest protocol specifications and SDK documentation. The evaluation script also correctly connects to the Anthropic API to facilitate LLM-based testing.
  • [PROMPT_INJECTION]: The scripts/evaluation.py script utilizes a system prompt to define the behavior of an evaluation agent. It handles user-provided questions from XML files. While this represents an indirect prompt injection surface, it is the intended functionality of the evaluation harness to test how an LLM handles various queries using the server's tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:14 AM