mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (SAFE): The `MCPConnectionStdio` class in `scripts/connections.py` utilizes `mcp.client.stdio.stdio_client` to execute local commands. This is a standard and necessary function for connecting to MCP servers via standard input/output streams. As long as the commands and arguments are not derived from untrusted user input without validation, this is a routine capability.
- EXTERNAL_DOWNLOADS (SAFE): The `MCPConnectionSSE` and `MCPConnectionHTTP` classes in `scripts/connections.py` facilitate network connections to external URLs using Server-Sent Events and HTTP. This allows the agent to communicate with remote MCP servers. No hardcoded or suspicious URLs were found in the codebase.
- [Category 8] INDIRECT_PROMPT_INJECTION (LOW): The skill represents an attack surface for indirect prompt injection because it ingests tool definitions and execution results from external MCP servers.
  - Ingestion points: Data enters the agent context through the `list_tools` and `call_tool` methods in `scripts/connections.py`.
  - Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are implemented in this transport-layer logic.
  - Capability inventory: The skill can execute local subprocesses (via `stdio_client`) and perform network operations (via `sse_client` and `streamablehttp_client`).
  - Sanitization: There is no evidence of sanitization or validation of the data returned by the MCP servers before it is passed back to the agent.
Audit Metadata