mcp-builder
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external evaluation data, creating an indirect prompt injection surface.
- Ingestion points: The
scripts/evaluation.pyscript parses user-provided XML files to extract questions for the agent loop. - Boundary markers: The
EVALUATION_PROMPTutilizes XML tags to structure the agent's output, but it does not provide robust isolation or delimiters for the untrusted question text from the XML. - Capability inventory: The skill can execute local shell commands (via
scripts/connections.py) and perform network requests to the Anthropic API during evaluation tasks. - Sanitization: There is no evidence of input validation, escaping, or sanitization performed on the content of the
<question>tags before it is interpolated into the agent prompt. - [COMMAND_EXECUTION]: The evaluation utility in
scripts/evaluation.pyand the connection logic inscripts/connections.pyutilize subprocesses to execute local commands for MCP server communication when the stdio transport is used. This behavior is intended for testing local server implementations.
Audit Metadata