MCP Builder
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides blueprints for creating AI tools and prompts that handle untrusted input. Direct interpolation of raw strings into prompt templates without sanitization creates a vulnerability surface for indirect prompt injection.
  - Ingestion points: Data enters through `request.params.arguments` in the `code-review` and `summarize-text` prompt handlers.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  - Capability inventory: The skill includes code for servers with file system access (`fs.readFile`, `fs.writeFile`), network access (`axios.get`), and database access (`pool.query`).
  - Sanitization: While the database example correctly uses parameterized queries, the prompt templates perform direct string interpolation, and the file system example lacks path validation.
- [COMMAND_EXECUTION]: The 'File System Server' code template implements file read, write, and directory listing capabilities. The implementation uses `path.join` to resolve user-supplied file paths without verifying if the resulting path remains within the intended root directory. This pattern is vulnerable to path traversal attacks (e.g., using `../`), which could allow an agent to access or modify sensitive files on the host system.
- [EXTERNAL_DOWNLOADS]: The skill guides users to install several official and well-known packages from the npm registry, including the official `@modelcontextprotocol/sdk`, `typescript`, `axios`, and `pg` for database connectivity.
Audit Metadata