mcp-builder

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions guide the agent to fetch official protocol documentation and SDK READMEs from authoritative sources including modelcontextprotocol.io and the official GitHub repositories for the Model Context Protocol. These are well-known resources and the downloads are documented for information retrieval purposes.
  • [COMMAND_EXECUTION]: The provided scripts/evaluation.py and scripts/connections.py scripts facilitate the execution of local MCP servers as subprocesses via the standard stdio transport mechanism. This is a primary functional requirement of the testing harness intended for local development workflows.
  • [DATA_EXPOSURE]: The skill demonstrates best practices for sensitive data management, advising users to manage API keys via environment variables rather than hardcoding them. No unauthorized file access or credential exposure patterns were found.
  • [PROMPT_INJECTION]: The instructions use natural instructional language and do not contain patterns typical of prompt injection or safety bypass attempts.
  • [SAFE]: The skill serves as a development framework and adheres to documented MCP security and implementation standards.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:30 AM
Security Audit — agent-trust-hub — mcp-builder