moai-mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements the standard Model Context Protocol stdio transport in scripts/connections.py and scripts/evaluation.py. This functionality requires spawning local subprocesses to facilitate communication between the agent and local MCP servers, which is the primary intended use of this transport layer.
  • [EXTERNAL_DOWNLOADS]: The skill and its examples utilize well-known, trusted Python packages including anthropic, mcp, httpx, sqlalchemy, and pydantic. The documentation also references official Node.js ecosystem packages such as @modelcontextprotocol/sdk and zod for server implementation.
  • [INDIRECT_PROMPT_INJECTION]: The evaluation harness in scripts/evaluation.py parses user-supplied XML files using the standard xml.etree.ElementTree library. This ingestion of external data constitutes a vulnerability surface for XML-based attacks if the evaluation files are sourced from untrusted parties.
    ◦ Ingestion points: scripts/evaluation.py reads local XML files provided as command-line arguments.
    ◦ Boundary markers: The script relies on explicit XML tags (<question>, <answer>) to define data boundaries.
    ◦ Capability inventory: The harness can execute code via the MCP stdio transport and interact with remote APIs via the anthropic client.
    ◦ Sanitization: The implementation uses the standard library XML parser without additional security hardening (e.g., defusedxml).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:07 AM