mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The 'MCPConnectionStdio' class in 'scripts/connections.py' uses the 'stdio_client' to launch subprocesses via a specified command and arguments. This capability represents a significant security surface as it allows for arbitrary command execution on the host system if the agent is manipulated into running malicious commands.
- [EXTERNAL_DOWNLOADS] (LOW): The 'MCPConnectionSSE' and 'MCPConnectionHTTP' classes in 'scripts/connections.py' facilitate network connections to external URLs. This could be leveraged for Server-Side Request Forgery (SSRF) or to connect to malicious external MCP servers that provide harmful tool definitions.
- [DATA_EXFILTRATION] (LOW): The combination of network request capabilities and the ability to process tool outputs creates a potential path for data exfiltration if the agent is directed to send sensitive local data to a remote tool endpoint.
- [COMMAND_EXECUTION] (LOW): Indirect Prompt Injection Surface (Category 8).
- Ingestion points: 'scripts/connections.py' through 'call_tool' response content.
- Boundary markers: Absent; tool outputs are returned as raw content without delimiters.
- Capability inventory: Subprocess execution via 'MCPConnectionStdio' and network requests via SSE/HTTP.
- Sanitization: Absent; tool results are processed directly by the session handler.
Audit Metadata