mcp-builder
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The evaluation tool (scripts/evaluation.py) and its connection utility (scripts/connections.py) facilitate the execution of local shell commands to launch the MCP server processes that are being tested.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the Anthropic API for server evaluation and can connect to remote services via HTTP and SSE. It also provides instructions for fetching documentation from official Model Context Protocol repositories.
- [PROMPT_INJECTION]: The evaluation harness processes tasks from user-provided XML files, representing a potential surface for indirect prompt injection.
- Ingestion points: Task questions and answers are loaded from XML files in scripts/evaluation.py.
- Boundary markers: The script employs a system prompt for the evaluation agent but does not use explicit boundary markers or delimiters for the ingested task content.
- Capability inventory: The evaluation harness is capable of executing shell commands and performing network operations.
- Sanitization: Content ingested from evaluation XML files is passed directly to the model without sanitization or escaping.
Audit Metadata