mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs the agent to fetch and process content from 'modelcontextprotocol.io' and 'github.com/modelcontextprotocol'. Neither the domain nor the organization are included in the trusted external sources list, presenting a risk of ingesting unverified documentation from a non-whitelisted source.
- [COMMAND_EXECUTION] (MEDIUM): The helper script 'scripts/connections.py' contains functionality to establish 'stdio' connections by spawning subprocesses with provided commands and arguments. While this is a standard feature for MCP development, it provides a direct path for arbitrary command execution if an attacker can influence the connection parameters through the agent.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for Indirect Prompt Injection. Ingestion points: External documentation URLs in SKILL.md. Boundary markers: Absent. Capability inventory: scripts/connections.py (subprocess execution via stdio, network requests via HTTP/SSE). Sanitization: None. Description: The agent's exposure to untrusted external documentation, combined with its ability to execute local commands and make network requests via the provided scripts, creates a surface for indirect prompt injection.
Audit Metadata