mcp-builder
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local processes to run and test MCP servers via the stdio transport protocol.
  - Evidence: scripts/connections.py uses the official mcp library's stdio_client to spawn subprocesses based on user-provided commands and arguments.
  - Evidence: scripts/evaluation.py provides a command-line interface allowing users to specify commands for server execution during evaluation tasks.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and SDK resources from trusted and well-known sources associated with the Model Context Protocol.
  - Evidence: SKILL.md contains instructions to fetch protocol specifications from the official modelcontextprotocol.io website.
  - Evidence: SKILL.md directs the agent to fetch SDK documentation (README files) from the official modelcontextprotocol organization repositories on GitHub.
- [PROMPT_INJECTION]: The skill includes an evaluation harness that processes external task data, presenting a potential surface for indirect instructions.
  - Ingestion points: scripts/evaluation.py reads task data from XML files specified by the user via the eval_file argument.
  - Boundary markers: The EVALUATION_PROMPT in scripts/evaluation.py uses XML-style tags (<summary>, <feedback>, <response>) to delimit agent output components.
  - Capability inventory: The scripts/connections.py and scripts/evaluation.py utilities have the capability to execute local commands and perform network requests as part of the MCP client operations.
  - Sanitization: No explicit sanitization or filtering of the input XML question text is performed before it is interpolated into the agent's message context.
Audit Metadata