mcp-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface because it instructs the agent to fetch external content (documentation and sitemaps) and use it to guide code generation and tool testing.
  1. Ingestion points: external fetches from modelcontextprotocol.io and raw.githubusercontent.com.
  2. Boundary markers: none; the agent is not instructed to ignore embedded instructions in these external sources.
  3. Capability inventory: the skill encourages running npm run build and npx @modelcontextprotocol/inspector on generated code.
  4. Sanitization: none specified.
- [External Downloads] (MEDIUM): The skill fetches README files and protocol specifications from modelcontextprotocol.io and the modelcontextprotocol GitHub organization, which are not listed in the Trusted External Sources.
- [Command Execution] (MEDIUM): The skill recommends executing build and testing commands (npm run build, npx @modelcontextprotocol/inspector) on code that is dynamically generated from external, untrusted input.
Recommendations
- AI detected serious security threats
Audit Metadata