mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill includes functionality to execute local commands and scripts. Specifically, scripts/connections.py and scripts/evaluation.py use the stdio_client from the MCP SDK to spawn subprocesses representing the servers being tested. This is a primary function of the test harness.
- [PROMPT_INJECTION]: The scripts/evaluation.py script is susceptible to indirect prompt injection. It parses external XML files (evaluation.xml) and interpolates the <question> content directly into the user message for the LLM without sanitization or protective boundary markers.
  - Ingestion points: The parse_evaluation_file function in scripts/evaluation.py reads data from an XML file.
  - Boundary markers: Absent; the question text is passed directly into the agent context.
  - Capability inventory: The script can execute local commands (via MCP connections) and perform network operations (via the Anthropic client and remote MCP transports).
  - Sanitization: Absent; the raw text from the external file is used directly.
- [EXTERNAL_DOWNLOADS]: The documentation and guides within the skill (SKILL.md, reference/mcp_best_practices.md) instruct the agent to fetch the official MCP protocol specification and SDK documentation from the official Model Context Protocol website and GitHub repositories. These references target well-known and trusted sources.
Audit Metadata