skills/synkraai/aiox-core/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and SDK information from 'modelcontextprotocol.io' and official GitHub repositories ('modelcontextprotocol/python-sdk', 'modelcontextprotocol/typescript-sdk'). These are well-known and trusted official sources for the protocol.
  • [COMMAND_EXECUTION]: The evaluation harness ('scripts/evaluation.py') and connection logic ('scripts/connections.py') are designed to launch and interact with local MCP servers via the 'stdio' transport. This involves executing local commands and arguments provided by the user to test server functionality, which is the intended primary purpose of the developer tool.
  • [PROMPT_INJECTION]: The 'scripts/evaluation.py' script reads questions from XML evaluation files and interpolates them into the agent's message history. This represents an indirect prompt injection surface.
      ◦ Ingestion points: 'scripts/evaluation.py' (parsing 'qa_pair/question' from the evaluation XML file).
      ◦ Boundary markers: Absent; questions are interpolated directly into the conversation history.
      ◦ Capability inventory: 'subprocess' execution (via the 'mcp' library's 'stdio_client') and network access to the Anthropic API.
      ◦ Sanitization: No filtering or validation is performed on the test questions, as they are expected to be provided by the developer for testing purposes.
  • [SAFE]: No malicious patterns, obfuscation, hardcoded credentials, or unauthorized data exfiltration attempts were found during the analysis. The skill uses standard environment variables for API key management and follows industry best practices for MCP server development.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 11:45 PM