mcp-builder
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The evaluation script `scripts/evaluation.py` incorporates content from user-provided XML files directly into the agent's prompt, creating a risk of indirect prompt injection.
  - Ingestion points: The `eval_file` (XML) read by `scripts/evaluation.py`.
  - Boundary markers: None. The question is appended directly to the message context.
  - Capability inventory: The script can invoke arbitrary tools exposed by the connected MCP server, which may include file system access, network operations, or shell command execution as documented in the best practices.
  - Sanitization: None. The content is used verbatim.
- [COMMAND_EXECUTION]: The skill facilitates the execution of MCP servers as local subprocesses using the `stdio` transport mechanism in `scripts/connections.py` and `scripts/evaluation.py`. The commands and arguments are typically supplied via command-line interface parameters during evaluation.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch Model Context Protocol (MCP) specifications and SDK documentation from official sources, including `modelcontextprotocol.io` and the Model Context Protocol organization on GitHub.
Audit Metadata