mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The evaluation script scripts/evaluation.py and the connection logic in scripts/connections.py facilitate the execution of local commands via the stdio transport. This functionality is the primary mechanism for testing MCP servers and allows the agent to spawn subprocesses based on user-provided parameters.
  • [PROMPT_INJECTION]: The skill's evaluation harness is vulnerable to indirect prompt injection from the results of the tools it calls.
    • Ingestion points: Data from external tool results is ingested into the conversation history in the agent_loop function within scripts/evaluation.py.
    • Boundary markers: The system prompt uses XML tags to structure agent responses but does not include explicit delimiters or instructions to the model to ignore potential commands embedded in tool outputs.
    • Capability inventory: The agent can invoke any tool registered by the server under test, which may include file and network operations.
    • Sanitization: Tool responses are converted to strings and incorporated into the prompt without validation or filtering.
  • [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md suggests fetching the latest MCP protocol and SDK specifications from official sources, including modelcontextprotocol.io and the Model Context Protocol GitHub repositories.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 07:21 AM