mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The
MCPConnectionStdioclass inscripts/connections.pyusesmcp.client.stdioto execute local system commands. This is a core functionality for local tool integration and is used as intended by the protocol. - [External Downloads] (LOW): The skill facilitates network connections to external URLs via
MCPConnectionSSEandMCPConnectionHTTPinscripts/connections.py. This is standard behavior for remote MCP server integration. - [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external tools, creating a surface for indirect prompt injection. \n
- Ingestion points: Tool outputs are retrieved via the
call_toolmethod inscripts/connections.py. \n - Boundary markers: None implemented in the script to separate tool output from instructions. \n
- Capability inventory: Subprocess execution and network access are available in the connection classes. \n
- Sanitization: None; data is returned as raw content objects.
Audit Metadata