mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (MEDIUM): The `MCPConnectionStdio` class in `scripts/connections.py` executes system commands via the `stdio_client` from the `mcp` library. While this is the intended transport mechanism for local MCP servers, it allows for arbitrary command execution if the `command` or `args` parameters are sourced from untrusted user input without sanitization.
- Data Exposure & Exfiltration (LOW): The `MCPConnectionSSE` and `MCPConnectionHTTP` classes in `scripts/connections.py` facilitate outbound network connections to arbitrary URLs. This capability could be leveraged for data exfiltration or connecting to malicious endpoints if the URLs are not restricted to a trusted whitelist.
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through tool outputs.
  - Ingestion points: `scripts/connections.py` (the `call_tool` method).
  - Boundary markers: Absent. Tool results are returned directly without encapsulation or instructions to the model to ignore embedded commands.
  - Capability inventory: `scripts/connections.py` (system command execution and network access).
  - Sanitization: Absent. Data from external tools is processed as-is.
Audit Metadata