Skills
skills/leastbit/claude_skills_zh-cn/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill references documentation from 'modelcontextprotocol.io' and 'github.com/modelcontextprotocol'. These domains are not included in the pre-defined trusted source list.
  • PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection through documentation fetching. 1. Ingestion: SKILL.md instructions to fetch external URLs. 2. Boundary markers: Absent. 3. Capability inventory: scripts/connections.py allows local process spawning via stdio. 4. Sanitization: Absent.
  • COMMAND_EXECUTION (SAFE): The connections.py script correctly implements command execution for communicating with MCP servers as per the protocol specification.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:11 PM