mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py enables the execution of local system commands. While this is part of the MCP standard, it allows an agent to run arbitrary processes if the command or arguments are controlled by an untrusted prompt or external source.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill implements support for SSE and HTTP transports in scripts/connections.py, allowing connections to arbitrary remote URLs. Without domain whitelisting, this capability could be used for data exfiltration or to connect to malicious servers.