mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The 'MCPConnectionStdio' class in 'scripts/connections.py' allows execution of an arbitrary local command. Evidence: The class takes a caller-supplied 'command' string and 'args' list and passes them unchanged to the 'stdio_client' function, which spawns a subprocess. Nothing in the class constrains which program is launched or with what arguments.
- EXTERNAL_DOWNLOADS (MEDIUM): 'MCPConnectionSSE' and 'MCPConnectionHTTP' in 'scripts/connections.py' initiate network requests to caller-specified URLs. Evidence: These classes use 'sse_client' and 'streamablehttp_client' to connect to whatever remote endpoint is provided via the 'url' parameter; no scheme or host restriction is applied.
- REMOTE_CODE_EXECUTION (LOW): While intended for MCP connectivity, these utilities could facilitate RCE if an agent passes untrusted input (user text, or content read from a tool result or web page) to the connection factory without validation: the 'command' path launches a process of the input's choosing, and the 'url' path makes the agent a client of an attacker-chosen server.
- INDIRECT_PROMPT_INJECTION (LOW): Vulnerability surface in 'scripts/connections.py'. Ingestion points: the 'command' and 'url' arguments of 'create_connection'. Boundary markers: absent, so nothing distinguishes operator-supplied configuration from values an agent may have derived from untrusted content. Capability inventory: subprocess spawning and HTTP/SSE networking. Sanitization: none identified in the provided script.
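The mitigation the findings above point at is an allowlist gate in front of the factory: validate 'command', 'args' and 'url' before anything reaches 'stdio_client', 'sse_client' or 'streamablehttp_client'. The following is an added example written for this audit, not code from the mcp-builder project. It assumes a factory callable with the keyword signature the audit describes (command=..., args=... or url=...) and injects it so the example runs offline; the allowlists ALLOWED_COMMANDS and ALLOWED_URL_HOSTS are illustrative assumptions to be replaced with the deployment's own.

```python
"""Allowlist gate for an MCP connection factory (added example, not project code)."""
from dataclasses import dataclass
from typing import Callable, Mapping, Sequence, Union
from urllib.parse import urlsplit

# Assumed allowlists: programs an stdio MCP server may be launched with, and
# hosts an SSE/HTTP MCP endpoint may live on. Replace with real deployment values.
ALLOWED_COMMANDS = frozenset({"npx", "uvx", "python3"})
ALLOWED_URL_HOSTS = frozenset({"mcp.internal.example"})
ALLOWED_SCHEMES = frozenset({"https"})

# Control characters an agent-derived argument must never carry: NUL ends C
# strings, CR/LF split one value into several in logs and config files.
_FORBIDDEN_ARG_CHARS = frozenset("\x00\r\n")


class UntrustedConnectionSpec(ValueError):
    """Raised when a connection request fails the gate."""


@dataclass(frozen=True)
class StdioSpec:
    command: str
    args: tuple


@dataclass(frozen=True)
class RemoteSpec:
    url: str


def validate_stdio(command: object, args: Sequence[object]) -> StdioSpec:
    """Accept only a bare, allowlisted program name and plain string args."""
    if not isinstance(command, str) or not command:
        raise UntrustedConnectionSpec("command must be a non-empty string")
    # A path defeats a name-based allowlist: "npx" is allowed, "/tmp/npx" or
    # "../npx" is not, because the allowlist names programs, not locations.
    if "/" in command or "\\" in command or command != command.strip():
        raise UntrustedConnectionSpec(f"command must be a bare program name: {command!r}")
    if command not in ALLOWED_COMMANDS:
        raise UntrustedConnectionSpec(f"command not allowlisted: {command!r}")
    clean = []
    for arg in args:
        if not isinstance(arg, str):
            raise UntrustedConnectionSpec("args must be strings")
        if _FORBIDDEN_ARG_CHARS & set(arg):
            raise UntrustedConnectionSpec(f"control character in argument: {arg!r}")
        clean.append(arg)
    return StdioSpec(command, tuple(clean))


def validate_url(url: object) -> RemoteSpec:
    """Accept only https URLs on an allowlisted host with no embedded credentials."""
    if not isinstance(url, str):
        raise UntrustedConnectionSpec("url must be a string")
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UntrustedConnectionSpec(f"scheme not allowed: {parts.scheme!r}")
    # user:pass@host would leak credentials to the remote and confuse host checks.
    if parts.username is not None or parts.password is not None:
        raise UntrustedConnectionSpec("credentials in URL are not allowed")
    if parts.hostname not in ALLOWED_URL_HOSTS:
        raise UntrustedConnectionSpec(f"host not allowlisted: {parts.hostname!r}")
    return RemoteSpec(url)


def gate(spec: Mapping[str, object]) -> Union[StdioSpec, RemoteSpec]:
    """Classify and validate one request; exactly one transport must be named."""
    has_command = "command" in spec
    has_url = "url" in spec
    if has_command == has_url:  # neither given, or both given
        raise UntrustedConnectionSpec("exactly one of 'command' or 'url' is required")
    if has_command:
        return validate_stdio(spec["command"], spec.get("args", ()))
    return validate_url(spec["url"])


def is_accepted(spec: Mapping[str, object]) -> bool:
    """Convenience predicate: True if the gate would let this spec through."""
    try:
        gate(spec)
    except UntrustedConnectionSpec:
        return False
    return True


def create_connection_guarded(spec: Mapping[str, object], factory: Callable[..., object]) -> object:
    """Invoke the (assumed) factory only with values the gate has rebuilt from scratch."""
    checked = gate(spec)
    if isinstance(checked, StdioSpec):
        return factory(command=checked.command, args=list(checked.args))
    return factory(url=checked.url)


if __name__ == "__main__":
    # Constructed sample requests, as an agent might hand them to the factory.
    fake_factory = lambda **kw: kw  # stands in for the project's create_connection
    print(create_connection_guarded({"command": "npx", "args": ["-y", "some-mcp-server"]}, fake_factory))
    print(is_accepted({"command": "bash", "args": ["-c", "id"]}))  # False: bash is not allowlisted
```

The gate returns freshly built dataclasses rather than the caller's objects, so the factory only ever sees strings the validators produced; the factory itself stays untouched, which is the least invasive place to put the check in a codebase like the one audited.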
Audit Metadata