mcp-deepwiki

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using npx -y mcporter where user-controlled inputs (repoName and question) are interpolated into the command string. This pattern is highly susceptible to command injection if the agent environment executes these strings via a shell, allowing an attacker to execute arbitrary system commands by including characters like ;, &, or backticks in the input.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y mcporter to fetch and execute the mcporter utility from the public npm registry at runtime. This creates a dependency on external, unvetted code that is not hosted by a trusted organization.
  • [PROMPT_INJECTION]: The skill processes untrusted documentation content from GitHub repositories, creating a surface for indirect prompt injection.
    • Ingestion points: Tools like read_wiki_contents and ask_question fetch external text from any GitHub repository.
    • Boundary markers: No delimiters or safety instructions are provided to the agent to distinguish between its instructions and the retrieved documentation content.
    • Capability inventory: The agent has the ability to execute shell commands and interact with a remote MCP server.
    • Sanitization: There is no indication that the content retrieved from repositories is sanitized or filtered before being passed to the AI for processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 26, 2026, 08:55 AM