mcp-builder

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch reference materials from modelcontextprotocol.io and the official modelcontextprotocol GitHub organization. These are the authoritative sources for the protocol and are considered trusted services.
  • [PROMPT_INJECTION]: The skill processes external documentation, which creates a potential surface for indirect prompt injection if the remote content were compromised.
  • Ingestion points: The agent is instructed to use tools to load content from https://modelcontextprotocol.io/llms-full.txt and various SDK README files on GitHub.
  • Boundary markers: The instructions do not define specific delimiters or "ignore instructions" wrappers for the external content.
  • Capability inventory: As this is a builder skill, the agent environment typically includes file system access and code execution capabilities to implement the server.
  • Sanitization: There is no evidence of content sanitization or validation before the agent processes the retrieved documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:35 AM
Security Audit — agent-trust-hub — mcp-builder