mcp-builder

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The connection utility (connections.py) and evaluation harness (evaluation.py) provide the capability to launch and interact with local MCP servers via the stdio transport. This involves executing sub-processes based on user-provided command-line arguments, which is a core and expected function of the Model Context Protocol for local tool integration.
  • [EXTERNAL_DOWNLOADS]: The documentation and instructions in SKILL.md reference external resources, including official protocol specifications from modelcontextprotocol.io and SDK documentation from the Model Context Protocol's official GitHub repositories. These are well-known and authoritative sources for the technology being utilized.
  • [PROMPT_INJECTION]: The evaluation script (evaluation.py) reads test cases from XML files and interpolates the question text directly into a prompt for the Claude model. While this pattern represents an indirect prompt injection surface, it is the standard and intended behavior for an evaluation harness designed to measure an agent's performance on specific tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 01:28 AM
Security Audit — agent-trust-hub — mcp-builder