mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and README files from official Model Context Protocol sources including modelcontextprotocol.io and GitHub repositories.
  • [COMMAND_EXECUTION]: The scripts utilize the mcp library to launch local server processes via stdio for testing purposes. This command execution is a core feature of the provided evaluation harness.
  • [PROMPT_INJECTION]: The evaluation script processes question-and-answer pairs from XML files as a surface for indirect prompt injection.
  • Ingestion points: Question data is loaded from XML files in scripts/evaluation.py.
  • Boundary markers: The script uses XML-style tags to structure model output.
  • Capability inventory: The harness can execute local commands for stdio servers and perform network operations via SSE and HTTP transports.
  • Sanitization: Input questions are used in prompts without sanitization, though output formatting is strictly defined.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 03:51 PM