skills/dalehurley/phpbot/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis

  • [COMMAND_EXECUTION]: The scripts/evaluation.py and scripts/connections.py modules facilitate the execution of local shell commands via the stdio transport. This behavior is user-driven through command-line arguments and is essential for the skill's documented purpose of testing local MCP servers.
  • [EXTERNAL_DOWNLOADS]: The documentation and guides within the skill reference official SDKs and protocol specifications hosted on the modelcontextprotocol GitHub organization, which is a well-known and trusted source for this technology.
  • [PROMPT_INJECTION]: The evaluation harness in scripts/evaluation.py reads question data from an XML file and interpolates it into the prompt sent to the LLM. This provides a surface for indirect prompt injection if the input XML content comes from an untrusted source, because no specific sanitization or boundary markers are implemented for the question text.

Audit Metadata

Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:31 AM