mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides scripts (scripts/connections.py and scripts/evaluation.py) that enable the agent to launch MCP servers as local subprocesses using the stdio transport. This functionality is essential for testing and validating the servers being developed.
- [EXTERNAL_DOWNLOADS]: The implementation guide directs the agent to retrieve documentation and SDK information from well-known and official sources, including the Model Context Protocol website and GitHub repositories. These downloads are restricted to technical documentation and are sourced from trusted organizations.
- [PROMPT_INJECTION]: The evaluation system in scripts/evaluation.py presents an indirect prompt injection surface by processing external data as model input.
  - Ingestion points: Evaluation questions are read from local XML files (eval_file) in scripts/evaluation.py.
  - Boundary markers: Input questions are not wrapped in security delimiters or provided with instructions to ignore embedded directives.
  - Capability inventory: The evaluation loop allows the LLM to execute tools provided by the MCP server under test, which may include network or file system operations depending on the server implementation.
  - Sanitization: There is no logic to sanitize or validate the content of the evaluation questions before they are passed to the LLM.
Audit Metadata