mcp-builder

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches protocol specifications and SDK documentation from well-known sources including modelcontextprotocol.io and the official modelcontextprotocol GitHub organization.
  • [COMMAND_EXECUTION]: The included scripts/evaluation.py and scripts/connections.py utilities provide functionality to launch local MCP servers as subprocesses using the stdio transport. This behavior is the primary intended purpose of the evaluation harness.
  • [PROMPT_INJECTION]: The evaluation loop in scripts/evaluation.py ingests questions from external XML files and includes them in the prompt sent to the model. While this represents a surface for indirect prompt injection, it is restricted to the context of the user-provided evaluation suite.
  • Ingestion points: XML evaluation files (e.g., scripts/example_evaluation.xml) parsed by scripts/evaluation.py.
  • Boundary markers: The instructions are wrapped in specific XML tags (<summary>, <feedback>, <response>) within a system prompt.
  • Capability inventory: The script can execute local commands to start servers and perform network requests to interact with remote MCP endpoints.
  • Sanitization: No explicit sanitization of question content is performed before interpolation into the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — mcp-builder