mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate technical documentation and tools for software development. No malicious patterns, obfuscation, or unauthorized data access were found.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and SDK resources from official and well-known repositories (modelcontextprotocol.io and GitHub). These downloads are for documentation purposes and originate from trusted sources within the developer community.
  • [COMMAND_EXECUTION]: The evaluation script (scripts/evaluation.py) is designed to launch local MCP server processes for testing. This is a functional requirement for the tool and is managed by the user via command-line arguments.
  • [PROMPT_INJECTION]: The testing harness ingests task questions from XML files. While this represents a potential surface for indirect prompt injection, it is an inherent part of the evaluation process for LLM-based tools, and no malicious injection content was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 09:10 AM