mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Refers to official Model Context Protocol packages and dependencies available through the npm and pip registries.
  • [COMMAND_EXECUTION]: Documents the use of node, npx, and python to scaffold, build, and test MCP servers.
  • [PROMPT_INJECTION]: The skill defines tools that process external inputs, establishing a surface for indirect prompt injection.
  • Ingestion points: File src/index.ts (tool get_weather) and server.py (tool get_data).
  • Boundary markers: Not present in the boilerplate code.
  • Capability inventory: Tool functionality in the provided examples is restricted to returning static or formatted text over stdio; no sensitive file or network operations are included.
  • Sanitization: Examples demonstrate validation using the zod library for TypeScript and type hints for Python.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:14 AM