mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The MCPConnectionStdio class in scripts/connections.py enables the execution of system commands via the MCP stdio transport. This is a core protocol feature but requires the execution environment to be secured.
  • EXTERNAL_DOWNLOADS (LOW): The MCPConnectionSSE and MCPConnectionHTTP classes in scripts/connections.py allow connections to external URLs, which could be used for data retrieval or interaction with remote services.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via tool outputs.
      • Ingestion points: Data returned by the call_tool method in scripts/connections.py is integrated into the agent's context.
      • Boundary markers: No boundary markers or instruction-ignoring delimiters are implemented for tool results.
      • Capability inventory: The skill can execute local commands (stdio) and initiate network requests (SSE/HTTP).
      • Sanitization: There is no evidence of sanitization or validation of the content received from MCP servers before it is returned to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM