mcp-builder

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a comprehensive development and testing framework for Model Context Protocol (MCP) integrations. It provides instructions and scripts to facilitate building high-quality tools for AI agents.
  • [COMMAND_EXECUTION]: The scripts/evaluation.py and scripts/connections.py files allow for the execution of local MCP servers via the stdio transport layer. This enables the agent to run local processes (e.g., python server.py) to test tool functionality. This is a core, documented feature of the testing harness where the user explicitly provides the execution command.
  • [EXTERNAL_DOWNLOADS]: The documentation and skill instructions guide the agent to fetch the official MCP specification and SDK READMEs from trusted domains, including modelcontextprotocol.io and the official modelcontextprotocol GitHub organization. These references are documented neutrally as sources of technical specification.
  • [CREDENTIALS_SAFE]: The skill correctly instructs users to manage sensitive credentials, such as ANTHROPIC_API_KEY, through environment variables rather than hardcoding. The evaluation script follows this pattern. No hardcoded secrets were identified during analysis.
  • [INDIRECT_PROMPT_INJECTION]: The evaluation script processes data from user-provided XML files and captures output from connected MCP servers. While this is a potential ingestion point for indirect instructions, the risk is inherent to the purpose of testing tool-calling behavior. The script uses structured XML tags to maintain boundary markers in the agent's response.
      • Ingestion points: evaluation.xml files (via parse_evaluation_file) and external tool outputs (via connection.call_tool in scripts/evaluation.py).
      • Boundary markers: The EVALUATION_PROMPT enforces the use of <summary>, <feedback>, and <response> tags to isolate parts of the LLM output.
      • Capability inventory: The script can call any tool exposed by the connected server and interacts with the Anthropic API.
      • Sanitization: Uses XML tag extraction to parse agent responses, providing some structural isolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 06:29 AM