mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation from official sources such as modelcontextprotocol.io and the modelcontextprotocol organization on GitHub. These are well-known and trusted entities.
- [COMMAND_EXECUTION]: The evaluation script (scripts/evaluation.py) includes functionality to launch local MCP servers as subprocesses using the stdio transport. This is a standard developer feature required for testing and integrating local servers.
- [REMOTE_CODE_EXECUTION]: The testing harness supports connecting to remote MCP servers using Server-Sent Events (SSE) and Streamable HTTP, allowing for the evaluation of servers hosted in remote environments according to the official protocol specification.
- [PROMPT_INJECTION]: The skill provides an evaluation framework that ingests test questions from external XML files to be processed by an LLM. This represents a functional ingestion surface for indirect prompt injection. 1. Ingestion points: scripts/evaluation.py reads data from an XML file via the parse_evaluation_file function. 2. Boundary markers: The evaluation prompt uses XML tags to structure the assistant's output, but the user-provided question is included directly in the message history. 3. Capability inventory: The testing agent is equipped with the ability to call any tools registered on the MCP server being tested. 4. Sanitization: No explicit sanitization or filtering of the question content is performed before it is passed to the language model.
Audit Metadata