anthropic-mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements automated testing via scripts/evaluation.py and scripts/connections.py, which use the Model Context Protocol library to spawn local subprocesses using user-provided commands and arguments. This functionality is the primary intended purpose of the evaluation harness for server development.
- [EXTERNAL_DOWNLOADS]: SKILL.md and the reference implementation guides instruct the agent to fetch documentation and schema information from trusted and well-known sources, specifically the official modelcontextprotocol.io website and verified modelcontextprotocol organization repositories on GitHub.
- [PROMPT_INJECTION]: The evaluation loop in scripts/evaluation.py presents an indirect prompt injection surface by ingesting external data from question files and tool results from connected servers into the agent context.
  1. Ingestion points: XML evaluation files and tool outputs within the agent loop in scripts/evaluation.py.
  2. Boundary markers: The script relies on the EVALUATION_PROMPT system instructions and standard SDK tool result structures to isolate untrusted content.
  3. Capability inventory: The skill facilitates local command execution via stdio and manages network connections via SSE and HTTP transports.
  4. Sanitization: The script lacks explicit content filtering or sanitization of data returned by tools before it is interpolated into the AI model's prompt.
Audit Metadata