mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script provides a generic interface for executing local processes through the MCP stdio transport.
  - Evidence: In `scripts/connections.py`, the `MCPConnectionStdio` class accepts a `command` and an `args` list, which are passed directly to `mcp.client.stdio.stdio_client` to spawn a subprocess.
  - Risk: This mechanism can be exploited to perform arbitrary command execution on the host system if the agent is tricked into passing malicious strings to the `create_connection` factory.
- EXTERNAL_DOWNLOADS (LOW): The skill implements remote connection capabilities via HTTP and Server-Sent Events (SSE).
  - Evidence: The `MCPConnectionSSE` and `MCPConnectionHTTP` classes in `scripts/connections.py` take a `url` parameter to establish outbound connections.
  - Risk: While these are standard transport methods for MCP, they provide a vector for data exfiltration or communication with attacker-controlled command-and-control (C2) servers.
- INDIRECT_PROMPT_INJECTION (LOW): The connection utility acts as a high-privilege tool without input sanitization.
  - Ingestion points: Arguments passed to `create_connection` in `scripts/connections.py`.
  - Boundary markers: None present; the skill assumes the caller provides safe commands and URLs.
  - Capability inventory: Subprocess execution (stdio transport) and network operations (HTTP/SSE transport).
  - Sanitization: None; the code relies on the underlying `mcp` library for transport but does not validate the safety of the commands or endpoints themselves.
Audit Metadata