mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches protocol documentation and SDK README files from official Model Context Protocol repositories and its main website. These references target trusted, well-known organizations.
- [COMMAND_EXECUTION]: The evaluation.py and connections.py scripts execute local commands provided by the user to launch MCP servers. This is an intended and essential feature for testing MCP servers via the standard input/output (stdio) transport.
- [PROMPT_INJECTION]: The evaluation script processes tool outputs from external servers, which constitutes an indirect prompt injection surface. However, the system incorporates boundary markers and structured XML-tag responses to guide the agent and manage untrusted content.
  - Ingestion points: Tool results ingested from the tested MCP server in scripts/evaluation.py.
  - Boundary markers: The EVALUATION_PROMPT enforces the use of specific tags such as <summary>, <feedback>, and <response>.
  - Capability inventory: The harness manages server subprocesses and performs network communication with the Anthropic API.
  - Sanitization: Server outputs are stringified or JSON-encoded before being incorporated into the agent's context.
Audit Metadata