Skills
skills/tyk-lab/my-ai-skill/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The connection utility in scripts/connections.py and the evaluation script in scripts/evaluation.py enable the execution of local processes via the stdio transport. This is a core feature of the Model Context Protocol used to host and test server implementations.
  • [EXTERNAL_DOWNLOADS]: The skill's instructions direct the agent to retrieve documentation and protocol specifications from trusted domains, including modelcontextprotocol.io and the official Model Context Protocol GitHub repositories.
  • [PROMPT_INJECTION]: The evaluation system processes external XML files to generate prompts for the LLM. While this is the intended functionality for testing, it introduces a potential surface for indirect prompt injection from malicious evaluation files. The implementation includes structured system instructions and response delimiters to mitigate this risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 12:35 PM