skills/x-cmd/skill/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch documentation and SDK information from the official Model Context Protocol website (modelcontextprotocol.io) and its associated GitHub repositories. These are well-known and trusted sources for the protocol being implemented.
  • [COMMAND_EXECUTION]: The scripts/connections.py and scripts/evaluation.py files include logic to execute local MCP servers via the stdio transport. This is a core feature of the Model Context Protocol, allowing an LLM to interact with local services as subprocesses. The implementation uses the official mcp Python library for this purpose.
  • [SAFE]: The skill follows security best practices by recommending environment variables for API keys and specifying that standard input/output (stdio) servers should not log to stdout to prevent protocol interference. No signs of obfuscation, data exfiltration, or malicious prompt injection were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 04:55 PM