mcp-builder
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches protocol specifications and SDK documentation from well-known sources including
modelcontextprotocol.ioand the officialmodelcontextprotocolGitHub organization. - [COMMAND_EXECUTION]: The included
scripts/evaluation.pyandscripts/connections.pyutilities provide functionality to launch local MCP servers as subprocesses using thestdiotransport. This behavior is the primary intended purpose of the evaluation harness. - [PROMPT_INJECTION]: The evaluation loop in
scripts/evaluation.pyingests questions from external XML files and includes them in the prompt sent to the model. While this represents a surface for indirect prompt injection, it is restricted to the context of the user-provided evaluation suite. - Ingestion points: XML evaluation files (e.g.,
scripts/example_evaluation.xml) parsed byscripts/evaluation.py. - Boundary markers: The instructions are wrapped in specific XML tags (
<summary>,<feedback>,<response>) within a system prompt. - Capability inventory: The script can execute local commands to start servers and perform network requests to interact with remote MCP endpoints.
- Sanitization: No explicit sanitization of question content is performed before interpolation into the prompt.
Audit Metadata