mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py uses mcp.client.stdio.stdio_client to spawn subprocesses based on provided command and argument parameters. While this is the standard mechanism for MCP stdio transport, it allows for arbitrary command execution if the connection parameters are influenced by untrusted external data.
- EXTERNAL_DOWNLOADS (LOW): The MCPConnectionSSE and MCPConnectionHTTP classes in scripts/connections.py facilitate network requests to external URLs. This functionality represents a surface for potential Server-Side Request Forgery (SSRF) or data exfiltration if the agent is directed to connect to malicious endpoints.
- INDIRECT_PROMPT_INJECTION (LOW): The call_tool method in scripts/connections.py retrieves content from external MCP servers. This content is an ingestion point for untrusted data that could contain hidden instructions if subsequently processed by an LLM without proper sanitization or boundary markers.
Audit Metadata