mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides utility scripts (scripts/connections.py and scripts/evaluation.py) designed to execute local commands and scripts.
  - The MCPConnectionStdio class uses the mcp library's stdio_client to launch subprocesses based on user-provided commands and arguments.
  - This functionality is used to run and test locally developed MCP servers.
- [EXTERNAL_DOWNLOADS]: Instructions in SKILL.md direct the agent to fetch documentation and reference materials from external sources.
  - Documentation is retrieved from the official modelcontextprotocol.io domain.
  - SDK README files are fetched from the modelcontextprotocol organization on GitHub.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection within the evaluation workflow.
  - Ingestion points: The scripts/evaluation.py script parses external XML files (scripts/example_evaluation.xml) containing test questions and processes outputs from tools provided by the connected MCP server in agent_loop.
  - Boundary markers: The EVALUATION_PROMPT uses XML tags (, , ) to separate agent reasoning from final answers, which helps mitigate but does not fully prevent instruction override.
  - Capability inventory: The evaluation harness has the capability to execute local commands (via stdio) and perform network requests (via sse and http transports).
  - Sanitization: Content ingested from the evaluation XML and tool results is interpolated directly into the LLM message history without specific sanitization or filtering.
Audit Metadata