mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py is designed to execute system commands via the mcp.client.stdio transport. While this is a standard feature of the Model Context Protocol, it provides a direct path for arbitrary command execution if an attacker can influence the command or args parameters passed to the create_connection factory.
- EXTERNAL_DOWNLOADS (LOW): The MCPConnectionSSE and MCPConnectionHTTP classes in scripts/connections.py facilitate connections to remote URLs. This capability can be used for server-side request forgery (SSRF) or data exfiltration if the agent is manipulated into connecting to an attacker-controlled endpoint.
- INDIRECT_PROMPT_INJECTION (SAFE): The file scripts/example_evaluation.xml contains structured QA data. While this data is processed by the agent, it consists of standard mathematical and scientific questions and does not currently contain malicious injection markers. However, the use of external data inputs always presents a minor surface for indirect injection.