mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The scripts/connections.py file includes an MCPConnectionStdio class that uses the stdio_client to launch local processes. This utility allows an agent to execute arbitrary commands and arguments on the host system. This is a high-risk capability if the command parameters are influenced by untrusted input.
- PROMPT_INJECTION (LOW): The skill templates in the examples/ directory are susceptible to Indirect Prompt Injection (Category 8) due to the ingestion of external API data without output sanitization or boundary markers.
  - Ingestion points: External data enters the context via fetch_from_api and fetch_user in the examples/ directory scripts.
  - Boundary markers: No specific delimiters or 'ignore instructions' warnings are included in the response templates within the example code.
  - Capability inventory: The skill provides subprocess execution via scripts/connections.py and network access capabilities.
  - Sanitization: Input validation is performed via Pydantic and Zod schemas, but there is no evidence of sanitizing external data before it is returned to the agent context.
- EXTERNAL_DOWNLOADS (LOW): SKILL.md contains instructions for the agent to download protocol specifications and SDK details from modelcontextprotocol.io and github.com. These are trusted sources per standard guidelines, but the behavior constitutes an external dependency for the skill logic.
Audit Metadata