mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The `connections.py` script includes the `MCPConnectionStdio` class, which executes local commands to initialize MCP servers. While this is the standard mechanism for the Model Context Protocol, providing an execution wrapper is a capability that requires careful handling to prevent arbitrary command injection if the input strings are influenced by untrusted data.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill directs the agent to fetch documentation from modelcontextprotocol.io and raw.githubusercontent.com. These are legitimate project sources, and the downloads are informational markdown content rather than executable scripts.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified due to the ingestion of external documentation without safety boundaries.
  - Ingestion points: `SKILL.md` instructions to fetch markdown documentation from external protocol websites and GitHub repositories.
  - Boundary markers: None. The skill does not implement delimiters or warnings to ignore instructions within the fetched markdown.
  - Capability inventory: The supporting `connections.py` script provides functionality for subprocess execution (stdio) and network communication (HTTP/SSE).
  - Sanitization: None observed in the provided codebase.
Audit Metadata