mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts/connections.py and scripts/evaluation.py files facilitate the execution of local shell commands through the MCP stdio transport. This is the standard protocol for integrating local tools and is used here for testing and launching MCP servers under the user's direction via command-line flags.
- [EXTERNAL_DOWNLOADS]: The SKILL.md file references and suggests fetching documentation and SDK resources from modelcontextprotocol.io and its official GitHub repositories. These are well-known, trusted sources for the protocol specification and development tools.
- [PROMPT_INJECTION]: The scripts/evaluation.py script exposes an indirect prompt injection surface, as it processes testing data from user-provided XML files.
  - Ingestion points: Evaluation questions are read from an external XML file specified by the user via the eval_file argument.
  - Boundary markers: The script uses a system prompt for the sub-agent but does not employ specific delimiters (such as markdown blocks or XML tags) to wrap the injected question content.
  - Capability inventory: The evaluation harness possesses the capability to execute shell commands (via stdio), make network requests, and call the Anthropic API.
  - Sanitization: The script does not apply sanitization or filtering to the question content before including it in the prompt.
Audit Metadata