mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill contains instructions that lead to an indirect prompt injection surface by requiring the agent to ingest data from untrusted external sources.
- Ingestion points: The skill directs the agent to fetch content from https://modelcontextprotocol.io/sitemap.xml and various README files from GitHub repositories (typescript-sdk, python-sdk).
- Boundary markers: Absent. There are no instructions to treat the fetched content as untrusted or to wrap it in delimiters to prevent command hijacking.
- Capability inventory: The skill facilitates complex code generation, tool definition, and suggests the execution of build/test commands based on the external input.
- Sanitization: Absent. There is no requirement or mechanism to validate or sanitize the remote documentation before the agent interprets it.
- COMMAND_EXECUTION (LOW): The skill mentions executing standard development tools such as `npx @modelcontextprotocol/inspector` and `npm run build`. While appropriate for a development guide, this involves executing code from external package registries.