Skills
skills/vijaykpatel/favorite_skills_and_plugins/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructions in SKILL.md guide the agent to fetch documentation from modelcontextprotocol.io and GitHub. While these are trusted sources for the protocol, fetching external content to guide logic introduces a dependency on remote integrity.
  • [COMMAND_EXECUTION] (LOW): The utility script connections.py implements a stdio transport that executes local commands, which is inherent to the MCP specification. The guide also instructs the agent to run testing tools like the MCP Inspector and python compiler.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting external markdown data from URLs to guide code implementation. Evidence: Ingestion points in SKILL.md (READMEs and sitemaps); Boundary markers are absent; Capability inventory includes command execution and file writing; Sanitization is not documented for the fetched content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 04:23 PM