mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to fetch documentation from 'modelcontextprotocol.io' and 'github.com/modelcontextprotocol'. These sources are not in the trusted whitelist of organizations provided in the security guidelines.
- PROMPT_INJECTION (MEDIUM): The instruction to ingest external documentation to guide code generation creates an indirect prompt injection surface. Evidence:
  1. Ingestion points: SDK README files and protocol documentation URLs.
  2. Boundary markers: Absent.
  3. Capability inventory: The skill describes processes for generating implementation code and creating evaluations.
  4. Sanitization: Absent.
- COMMAND_EXECUTION (MEDIUM): The skill suggests running 'npx @modelcontextprotocol/inspector', which involves downloading and executing a package from an organization not on the trusted whitelist.
Audit Metadata