mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill fetches documentation from modelcontextprotocol.io and GitHub repositories under the modelcontextprotocol organization. These sources are not included in the trusted list provided in the guidelines, making the content unverifiable.
- [COMMAND_EXECUTION] (MEDIUM): The file scripts/connections.py uses the mcp library to spawn subprocesses via stdio_client. While this is standard for MCP development, it enables the execution of arbitrary commands.
- [DATA_EXFILTRATION] (LOW): The script supports outbound network requests to user-specified URLs for SSE and HTTP transports, which could be used as exfiltration channels if the agent is compromised.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection by processing external markdown content. 1. Ingestion points: Fetching README files and sitemaps from external URLs. 2. Boundary markers: Absent. 3. Capability inventory: Command execution via stdio and script testing via npx/python. 4. Sanitization: Absent.
Audit Metadata