mcp-builder

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as an educational and functional resource for developers implementing the Model Context Protocol (MCP). It contains guidance on project structure, tool design, and evaluation strategies.
  • [EXTERNAL_DOWNLOADS]: The documentation references official resources from the Model Context Protocol organization on GitHub (e.g., modelcontextprotocol/typescript-sdk, modelcontextprotocol/python-sdk). These are authoritative sources for the protocol and are used to provide the user with the most up-to-date SDK information.
  • [COMMAND_EXECUTION]: The provided Python script scripts/evaluation.py uses the mcp library to launch local MCP servers via the standard input/output (stdio) transport. This is a standard and intended mechanism of the protocol, used here specifically to allow developers to test their own server implementations during development.
  • [INDIRECT_PROMPT_INJECTION]: The evaluation harness is designed to interact with MCP servers and process their tool outputs. While this creates a theoretical surface for indirect injection if a server returns malicious content, the tool is intended for use in a local development context where the developer controls the server being tested.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 12:09 AM