mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The scripts/connections.py file contains logic to spawn subprocesses using the stdio_client from the mcp library. This allows the agent to execute arbitrary system commands if the command parameter is dynamically generated or influenced by malicious prompts. This is the primary functionality for local MCP servers but requires strict input control.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation in SKILL.md and reference/mcp_best_practices.md points to external documentation at modelcontextprotocol.io and githubusercontent.com. While these are the official protocol sources, they are not on the predefined trusted list.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Evidence chain:
  1. Ingestion points: arguments passed to the call_tool method in scripts/connections.py.
  2. Boundary markers: the mcp_best_practices.md document recommends validation, but no specific delimiters are enforced in the connection script.
  3. Capability inventory: the skill can execute local commands and perform network operations via connections.py.
  4. Sanitization: no sanitization is implemented in the provided connection utility.