Skills
skills/dvduongth/skills/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The evaluation scripts (scripts/evaluation.py and scripts/connections.py) allow for the execution of arbitrary local commands via the stdio transport using user-provided CLI arguments. This is the intended mechanism for running and testing local MCP servers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection in scripts/evaluation.py. The script ingests question text from XML files and response data from external MCP servers, passing them directly into the LLM context without sanitization. Ingestion points: scripts/evaluation.py lines 48 and 103; Boundary markers: Absent; Capability inventory: subprocess for server launch and anthropic for LLM calls; Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: SKILL.md directs users to fetch documentation and schemas from official Model Context Protocol domains and GitHub repositories. These are recognized as trusted or well-known sources for development resources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 09:04 AM