moai-cc-mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The utility scripts scripts/connections.py and scripts/evaluation.py implement the Model Context Protocol's stdio transport, which allows the skill to execute local commands and launch subprocesses. This is a standard and expected mechanism for interacting with local MCP servers during development and testing.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to use the WebFetch tool to retrieve the latest MCP standards, architecture patterns, and documentation from external repositories (such as GitHub) to ensure generated servers comply with current protocol specifications.
  • [PROMPT_INJECTION]: The script scripts/evaluation.py provides an attack surface for indirect prompt injection (Category 8) by processing external XML files containing test questions. If an agent processes questions from an untrusted evaluation file, it could be influenced by embedded instructions.
      • Ingestion points: scripts/evaluation.py reads test questions from XML files specified by the user via command-line arguments.
      • Boundary markers: The script uses a hardcoded system prompt (EVALUATION_PROMPT) to frame the LLM's task and behavior.
      • Capability inventory: The evaluation harness has the ability to execute subprocesses (via stdio_client) and call any tools provided by the target MCP server.
      • Sanitization: No explicit sanitization or filtering is performed on the question text before it is interpolated into the agent's prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:14 PM