mcp-builder

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches official MCP protocol specifications and SDK documentation from trusted sources including modelcontextprotocol.io and the modelcontextprotocol organization on GitHub.
  • [COMMAND_EXECUTION]: The evaluation script (scripts/evaluation.py) uses the MCP SDK to execute local commands provided by the user via command-line arguments. This functionality is intended to launch and communicate with local MCP server implementations during testing.
  • [DATA_EXFILTRATION]: The evaluation harness communicates with the Anthropic API to process tasks. This requires an ANTHROPIC_API_KEY, which the script correctly retrieves from the user's environment variables rather than hardcoding it.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in scripts/evaluation.py.
    1. Ingestion points: Reads test questions from external XML files and processes dynamic outputs from third-party MCP tools.
    2. Boundary markers: Uses the EVALUATION_PROMPT system prompt to enforce XML-tagged response structures, though it lacks explicit delimiters for untrusted data.
    3. Capability inventory: Supports local subprocess execution via stdio transport and network operations through the Anthropic API.
    4. Sanitization: No explicit sanitization or filtering is applied to the tool outputs before they are passed back to the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 01:17 PM