mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The file scripts/connections.py implements the MCPConnectionStdio class, which uses the mcp library to spawn subprocesses. This class takes a command and args to execute arbitrary programs on the local system for the purpose of testing MCP servers.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: SKILL.md instructs the agent to fetch data from modelcontextprotocol.io and raw.githubusercontent.com using WebFetch.
    • Boundary markers: No boundary markers or 'ignore' instructions are specified for processing this external content.
    • Capability inventory: The agent has access to arbitrary command execution via scripts/connections.py and is prompted to run commands like npx @modelcontextprotocol/inspector in SKILL.md.
    • Sanitization: No sanitization or validation of the fetched remote content is performed before the agent uses it to plan or execute tasks.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references several external URLs for documentation. These are from trusted sources (GitHub and the official MCP documentation site), which downgrades the severity of the download finding itself to LOW per [TRUST-SCOPE-RULE], though the fetched content remains an injection risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:25 PM