mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's evaluation harness, located in
scripts/evaluation.pyandscripts/connections.py, is designed to execute local MCP servers. It uses thestdiotransport mechanism to spawn subprocesses based on user-provided commands and arguments (e.g., runningpython server.py). This is a core functional requirement for testing local MCP implementations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its evaluation XML files.
- Ingestion points:
scripts/evaluation.pyparses a user-provided XML file containing questions. - Boundary markers: The system prompt uses specific XML tags (
<summary>,<feedback>,<response>) to guide the agent's output structure. - Capability inventory: The script can execute subprocesses via the MCP library and perform network requests to the Anthropic API.
- Sanitization: Question text from the XML is interpolated directly into the LLM message history without specific sanitization or filtering.
- [EXTERNAL_DOWNLOADS]: The documentation in
SKILL.mdrecommends fetching official specifications and SDK documentation frommodelcontextprotocol.ioand themodelcontextprotocolorganization on GitHub. These are recognized as trusted, authoritative sources for the protocol.
Audit Metadata