mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official documentation and SDK readmes from the Model Context Protocol website and its GitHub organization repositories. These are well-known, official sources for the technology and are necessary for the skill's purpose.
- [COMMAND_EXECUTION]: Includes a Python script (scripts/evaluation.py) that executes local commands to run and test MCP servers via the standard input/output (stdio) transport method. This is the primary functional requirement for building and evaluating local server implementations.
- [PROMPT_INJECTION]: The evaluation harness processes content from external XML files and tool outputs from the MCP server being tested, presenting a standard indirect prompt injection surface. The script utilizes structured system prompts and output tags to mitigate accidental instruction following.
Audit Metadata