mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to fetch documentation from 'modelcontextprotocol.io' and 'githubusercontent.com'. These domains are external to the predefined trusted organizations list.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection (Category 8) vulnerability surface detected. 1. Ingestion points: External fetches of sitemap and README files. 2. Boundary markers: Not specified in the instructions. 3. Capability inventory: The skill facilitates information gathering and code structure planning; it does not automatically execute external content. 4. Sanitization: Not present.
Audit Metadata