mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The MCPConnectionStdio class in scripts/connections.py uses the stdio_client to spawn subprocesses. It accepts arbitrary command, args, and env parameters.
    • Evidence: stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env))
  • [REMOTE_CODE_EXECUTION] (HIGH): Because the create_connection factory function is designed to handle various transports dynamically, an agent instructed by untrusted input could be coerced into running a malicious local command under the guise of starting an MCP server.
  • [DATA_EXFILTRATION] (MEDIUM): The MCPConnectionSSE and MCPConnectionHTTP classes allow connections to arbitrary URLs. Without a domain whitelist, this capability can be used to exfiltrate data or perform SSRF attacks against internal network resources.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): This skill represents a high-risk capability surface. If the agent processes external data (like a website description of a 'useful MCP server') and uses that data to populate the command or url fields in create_connection, it will execute the attacker's payload.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:35 AM