
mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill directs the agent to fetch documentation and README files from external sources such as modelcontextprotocol.io and GitHub repositories (modelcontextprotocol/python-sdk, modelcontextprotocol/typescript-sdk). While these are the official repositories for the protocol, the GitHub organization is not on the predefined trusted list.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (Category 8). The skill instructs the agent to ingest and process external Markdown documentation without explicit boundary markers or instructions to disregard embedded instructions.
      • Ingestion points: modelcontextprotocol.io/sitemap.xml, GitHub README files, and various protocol specification pages.
      • Boundary markers: Absent; the skill does not specify delimiters for fetched content.
      • Capability inventory: The skill context encourages the use of WebFetch and command-line tools for building and testing servers.
      • Sanitization: Absent; fetched documentation is processed directly as guidance for the LLM.
  • COMMAND_EXECUTION (LOW): The guide recommends executing local commands such as npm run build, npx @modelcontextprotocol/inspector, and python -m py_compile. While standard for development, these constitute a command execution surface if the environment is misconfigured or if the build scripts are compromised.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:04 PM