mcp-builder
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch reference materials from
modelcontextprotocol.ioand the officialmodelcontextprotocolGitHub organization. These are the authoritative sources for the protocol and are considered trusted services. - [PROMPT_INJECTION]: The skill processes external documentation, which creates a potential surface for indirect prompt injection if the remote content were compromised.
- Ingestion points: The agent is instructed to use tools to load content from
https://modelcontextprotocol.io/llms-full.txtand various SDK README files on GitHub. - Boundary markers: The instructions do not define specific delimiters or "ignore instructions" wrappers for the external content.
- Capability inventory: As this is a builder skill, the agent environment typically includes file system access and code execution capabilities to implement the server.
- Sanitization: There is no evidence of content sanitization or validation before the agent processes the retrieved documentation.
Audit Metadata