mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation and SDK requirements from official Model Context Protocol websites and GitHub organizations.
- [COMMAND_EXECUTION]: The evaluation harness script (scripts/evaluation.py) executes shell commands to initiate and communicate with local MCP servers over the stdio transport for testing purposes.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection during its evaluation phase when processing external test questions.
  - Ingestion points: evaluation.xml files processed in scripts/evaluation.py.
  - Boundary markers: Structural XML tags are used for agent output, but no boundary markers or instructions exist to isolate ingested question text from agent logic.
  - Capability inventory: Spawns subprocesses via the mcp SDK and performs network operations via the Anthropic API.
  - Sanitization: No sanitization, validation, or filtering of question content is performed before interpolation into the prompt.
Audit Metadata