mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to retrieve documentation from external domains using WebFetch.
  - Evidence: Fetches from modelcontextprotocol.io and raw.githubusercontent.com (modelcontextprotocol organization), which are not on the predefined trusted whitelist.
- [COMMAND_EXECUTION] (LOW): The guide provides instructions to run shell commands for building and testing the MCP server.
  - Evidence: Recommends running `npm run build`, `npx @modelcontextprotocol/inspector`, and `python -m py_compile`.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive local files or attempt to transmit data to unauthorized external endpoints.
- [PROMPT_INJECTION] (SAFE): No patterns of instruction override, role-play injection, or safety filter bypasses were identified.
Audit Metadata