mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and SDK guidelines from modelcontextprotocol.io and official GitHub repositories under the modelcontextprotocol organization. These are well-known and trusted sources for MCP resources.
- [COMMAND_EXECUTION]: The evaluation script (scripts/evaluation.py) is designed to execute user-provided commands (e.g., 'python my_server.py') to launch and test MCP servers locally. This is a core feature for server development and is triggered by the user during testing.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection within its evaluation harness.
- Ingestion points: The evaluation script ingests data from local XML files and retrieves tool outputs from external MCP servers during the agent loop.
- Boundary markers: The system prompt for the evaluation agent lacks explicit delimiters or instructions to ignore embedded instructions within the ingested data.
- Capability inventory: The evaluation script can execute local subprocesses and communicate with the Anthropic API.
- Sanitization: No sanitization or filtering is performed on tool outputs before they are processed by the LLM.
Audit Metadata