mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the evaluation harness in scripts/evaluation.py. It ingests task questions from user-provided XML files and passes them directly to the AI agent as instructions without boundary markers or sanitization. Evidence: Ingestion point (scripts/evaluation.py, parse_evaluation_file); Boundary markers (Absent); Capability inventory (Agent access to MCP server tools); Sanitization (Absent).
- [COMMAND_EXECUTION]: The scripts/evaluation.py script utilizes the stdio transport to launch local MCP servers, which involves executing user-specified commands and arguments via subprocesses. While essential for testing local server implementations, this capability allows for the execution of arbitrary local code on the host system.
- [EXTERNAL_DOWNLOADS]: The implementation guides reference fetching official protocol documentation and SDK README files from modelcontextprotocol.io and its associated GitHub repositories.