mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The `scripts/connections.py` file implements a stdio transport that allows launching arbitrary subprocesses via the `stdio_client`. This capability, while intended for testing local MCP servers, can be abused to execute malicious shell commands if the agent is manipulated into providing a harmful command string.
- EXTERNAL_DOWNLOADS (MEDIUM): `SKILL.md` instructs the agent to fetch and process markdown documentation from `modelcontextprotocol.io` and `raw.githubusercontent.com`. Since these domains are not on the explicit trusted list, processing this untrusted content creates a vector for indirect prompt injection.
- DATA_EXFILTRATION (LOW): The connection helpers in `scripts/connections.py` allow the agent to establish outbound network connections via SSE and Streamable HTTP. While no exfiltration logic is hardcoded, the capability to send data to arbitrary URLs is present.