mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructions in SKILL.md direct the agent to fetch documentation from https://modelcontextprotocol.io and https://raw.githubusercontent.com/modelcontextprotocol/. These are considered trusted sources under the analysis guidelines, which downgrades the risk.
- [COMMAND_EXECUTION] (LOW): The file scripts/connections.py uses stdio_client to spawn subprocesses for starting local MCP servers. While this is the intended functionality of the protocol, it provides a mechanism for local command execution.
- [REMOTE_CODE_EXECUTION] (LOW): SKILL.md suggests testing implementations using npx @modelcontextprotocol/inspector, which downloads and executes remote code. The risk is downgraded to LOW as it targets a trusted official namespace.
- [PROMPT_INJECTION] (LOW): Surface for Indirect Prompt Injection (Category 8) detected due to ingestion of external content. 1. Ingestion points: Markdown documentation fetched via WebFetch in Phase 1. 2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are provided. 3. Capability inventory: Includes local command execution via connections.py and remote package execution via npx. 4. Sanitization: Absent; the skill does not define methods to validate or sanitize fetched text.
Audit Metadata