Skills
skills/guanyang/antigravity-skills/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/evaluation.py and scripts/connections.py files provide functionality to execute local shell commands via the stdio transport. This is an intended capability designed to allow developers to launch and test their own MCP server implementations locally.
  • [PROMPT_INJECTION]: The evaluation script processes input from XML files and passes it to the AI model. This presents a surface for indirect prompt injection if a developer runs an evaluation file from an untrusted source. The script includes structural mitigations by wrapping model outputs in XML tags for parsing.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch documentation from official sources, including the modelcontextprotocol.io website and the Model Context Protocol GitHub repositories. These are well-known and trusted sources for the protocol's technical documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 01:26 AM
Security Audit — agent-trust-hub — mcp-builder