mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The scripts/connections.py file contains the MCPConnectionStdio class, which uses the mcp library to spawn subprocesses using arbitrary commands and arguments. While this is the intended mechanism for MCP stdio servers, it provides a high-privilege execution capability that could be targeted by an attacker.
  • [EXTERNAL_DOWNLOADS] (LOW): The SKILL.md file directs the agent to fetch documentation from modelcontextprotocol.io and GitHub. These are non-whitelisted external sources used to provide context for the agent's tasks.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it combines external data ingestion with powerful tool capabilities.
      • Ingestion points: External markdown documentation is fetched from the web as part of the implementation workflow.
      • Boundary markers: None; the skill defines no delimiters around the fetched documentation and no instruction to ignore commands embedded in it.
      • Capability inventory: The connections.py script enables local command execution via stdio and network communication via the SSE and HTTP transports.
      • Sanitization: None; there is no evidence of sanitization or content validation for the externally retrieved documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM