
mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The file scripts/connections.py implements MCPConnectionStdio, which uses the stdio_client from the mcp library to execute local processes.
    • Evidence: The _create_context method in MCPConnectionStdio passes the command, args, and env parameters directly to StdioServerParameters for subprocess execution. This is a core feature of MCP, but it represents a significant security capability.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill supports network-based transport layers for MCP servers.
    • Evidence: MCPConnectionSSE and MCPConnectionHTTP in scripts/connections.py allow connections to arbitrary external URLs. While this is standard for the protocol, it facilitates outbound communication.
  • [REMOTE_CODE_EXECUTION] (LOW): Indirect prompt injection surface identified.
    • Ingestion points: Untrusted data enters the agent context via the call_tool method in scripts/connections.py, which returns result.content from external MCP servers.
    • Boundary markers: Absent; the code does not implement delimiters or warnings telling the agent to ignore instructions embedded in tool outputs.
    • Capability inventory: The skill can execute subprocesses (stdio_client) and perform network operations (sse_client, streamablehttp_client).
    • Sanitization: Absent; the response content from the MCP server is returned directly, without validation or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM