mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Dynamic Execution (MEDIUM): The
MCPConnectionStdioclass inscripts/connections.pyusesmcp.client.stdio.stdio_clientto execute system commands. Thecommandandargsparameters are passed directly to a subprocess. If these values are derived from untrusted prompt interpolation or external data, it could lead to arbitrary command execution on the host environment. - External Downloads & Network Access (MEDIUM): The
MCPConnectionSSEandMCPConnectionHTTPclasses inscripts/connections.pyallow the agent to establish network connections to arbitrary URLs. This capability could be abused for data exfiltration or to connect to malicious external servers. - Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from external MCP servers without apparent sanitization or boundary markers.
- Ingestion points: Data enters through the
call_toolmethod inscripts/connections.pywhich retrieves content from external tool executions. - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the tool output.
- Capability inventory: The skill includes high-privilege capabilities such as subprocess spawning (
stdio_client) and network communication (sse_client,streamablehttp_client). - Sanitization: Absent. Output from external tools is returned as-is to the calling agent.
Audit Metadata