mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The SKILL.md instructions direct the agent to fetch documentation and SDK READMEs from modelcontextprotocol.io and raw.githubusercontent.com/modelcontextprotocol. These domains and organizations are not included in the 'Trusted External Sources' whitelist, making them unverifiable.
- COMMAND_EXECUTION (MEDIUM): The file scripts/connections.py contains the MCPConnectionStdio class, which uses mcp.client.stdio.stdio_client. This function spawns a subprocess using a provided command and args. If these parameters are derived from untrusted input (e.g., from fetched documentation or user prompts), it could lead to arbitrary command execution.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill guides the user/agent to run npx @modelcontextprotocol/inspector in Phase 3. This command downloads and executes code from the npm registry at runtime.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8).
  - Ingestion points: SKILL.md explicitly instructs the agent to use WebFetch to load external documentation from modelcontextprotocol.io and GitHub.
  - Boundary markers: Absent. There are no instructions to treat the fetched content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill possesses the ability to execute shell commands (connections.py) and perform network operations.
  - Sanitization: No sanitization logic is present to filter or validate the content retrieved from external URLs before it influences agent behavior.
Audit Metadata