mcp-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The 'scripts/connections.py' file defines 'MCPConnectionStdio', which uses 'mcp.client.stdio.stdio_client' to execute local system commands and manage subprocesses.
- [REMOTE_CODE_EXECUTION] (HIGH): The 'create_connection' factory function provides a direct path to execute arbitrary code if transport parameters like 'command' and 'args' are derived from untrusted user input.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates an exploitable surface by combining network data ingestion with command execution capabilities.
  1. Ingestion points: Remote server responses via 'MCPConnectionSSE' and 'MCPConnectionHTTP' in 'scripts/connections.py'.
  2. Boundary markers: Absent.
  3. Capability inventory: Full system command execution via 'stdio' transport.
  4. Sanitization: No validation or escaping of tool descriptions or server content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata