mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py implements a wrapper for executing system commands.
    • Evidence: Line 90: stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env)). This allows the agent to spawn subprocesses for any executable provided to the command argument.
  • EXTERNAL_DOWNLOADS (LOW): The skill implements network transport clients for the SSE and HTTP protocols.
    • Evidence: MCPConnectionSSE and MCPConnectionHTTP in scripts/connections.py allow connections to arbitrary external URLs.
  • Indirect Prompt Injection (LOW): The skill acts as a bridge to external data sources, creating an attack surface for instructions embedded in remote tool outputs.
    • Ingestion points: scripts/connections.py (via sse_client, stdio_client, and streamablehttp_client).
    • Boundary markers: None. Data is passed directly from the MCP session to the agent.
    • Capability inventory: Subprocess execution via stdio_client, network requests via SSE/HTTP.
    • Sanitization: No sanitization or validation logic is applied to the tool results or server responses.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 04:51 PM