mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, NO_CODE
Full Analysis
- [External Downloads] (LOW): The skill directs the agent to fetch external documentation from modelcontextprotocol.io and raw.githubusercontent.com/modelcontextprotocol/ to assist in server design. These sources are official for the MCP project but are not included in the 'Trusted GitHub Organizations' or 'Trusted GitHub Repositories' lists.
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection via documentation ingestion.
  1. Ingestion points: modelcontextprotocol.io/sitemap.xml, https://modelcontextprotocol.io/specification/draft.md, and SDK READMEs on GitHub.
  2. Boundary markers: Absent. The agent is not instructed to use delimiters or to ignore instructions found within the fetched documentation.
  3. Capability inventory: The agent possesses the ability to generate complex, executable TypeScript and Python code.
  4. Sanitization: Absent. Data from these external fetches is used to directly influence the architectural and implementation output without validation or escaping.
- [No Code] (SAFE): This skill contains no executable scripts or binary files, only instructional markdown files.
Audit Metadata