mcp-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill provides a template for a 'read_file' tool ('open(path).read()') that allows reading arbitrary files from the system without path validation or sandboxing.
- [Indirect Prompt Injection] (LOW): The skill defines several ingestion points for untrusted data (tool arguments) without implementing robust boundary markers or sanitization. 1. Ingestion points: 'query_db(sql)' and 'read_file(path)' in SKILL.md. 2. Boundary markers: Absent in provided templates. 3. Capability inventory: Includes file system access ('open'), network requests ('httpx'), and database interaction ('sqlite3'). 4. Sanitization: Minimal; the SQL example only checks for the 'SELECT' keyword, which is insufficient.
- [External Downloads] (SAFE): The skill uses standard libraries and a tool from a trusted source (@anthropics).
- [False Positive Note] (SAFE): Automated scanner alerts regarding 'request.params.name' are confirmed false positives as it is a code property reference.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata