mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The MCPConnectionStdio class in scripts/connections.py uses mcp.client.stdio.stdio_client to spawn subprocesses. This transport mechanism allows for the execution of arbitrary system commands. If the command or args parameters are sourced from untrusted agent prompts, an attacker can execute malicious scripts on the host.
  • REMOTE_CODE_EXECUTION (HIGH): The skill serves as a client for external MCP servers. Maliciously crafted responses from a remote server (via SSE or HTTP) could exploit the agent's processing of tool definitions or outputs (Indirect Prompt Injection), leading to unauthorized actions.
  • DATA_EXFILTRATION (MEDIUM): The MCPConnectionSSE and MCPConnectionHTTP classes allow for outbound network connections to arbitrary URLs. This can be used to exfiltrate sensitive data if the agent is manipulated into connecting to an attacker-controlled endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:45 PM