mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/evaluation.pyandscripts/connections.pyscripts enable the execution of local shell commands to launch MCP servers via the stdio transport. This is a core feature for testing server implementations but allows for arbitrary command execution based on user-provided arguments.\n - Ingestion points: CLI arguments
-cand-apassed to the evaluation script.\n - Capability: Spawns local subprocesses using the
mcplibrary.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and specifications frommodelcontextprotocol.ioand GitHub repositories belonging to themodelcontextprotocolorganization. These are official and trusted sources for the protocol.\n- [PROMPT_INJECTION]: The evaluation framework processes external questions from XML files, which presents a surface for indirect prompt injection.\n - Ingestion points:
scripts/evaluation.pyreads task questions from an XML file provided by the user.\n - Boundary markers: Lacks specific delimiters or warnings to prevent the LLM from obeying instructions embedded in the evaluation questions.\n
- Capability inventory: The script can execute local commands and perform network operations via the Anthropic API.\n
- Sanitization: No validation or sanitization is performed on the questions before they are interpolated into the system prompt.
Audit Metadata