mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): scripts/connections.py contains the MCPConnectionStdio class which utilizes stdio_client to launch subprocesses. This allows for arbitrary command execution based on the command and args parameters passed to the create_connection factory function. If these parameters are influenced by untrusted input, it could lead to unauthorized system access.
- [EXTERNAL_DOWNLOADS] (LOW): scripts/connections.py implements SSE and HTTP transports through MCPConnectionSSE and MCPConnectionHTTP. These classes facilitate network connections to external URLs, creating a potential path for data exfiltration or Server-Side Request Forgery (SSRF) if the target URLs are not validated.
- [Indirect Prompt Injection] (LOW): The skill creates an attack surface for indirect prompt injection by ingesting data from external MCP tools.
  1. Ingestion points: Tool results retrieved via call_tool in scripts/connections.py.
  2. Boundary markers: No delimiters or instruction-bypass protections are present in the connection logic.
  3. Capability inventory: The skill has the capability to execute shell commands and perform network operations.
  4. Sanitization: There is no evidence of output sanitization or input validation in the provided scripts.
Audit Metadata