mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill instructions in SKILL.md (Phases 1.2 and 1.3) direct the agent to fetch README files and documentation from raw.githubusercontent.com and modelcontextprotocol.io. While these are the official sources for the protocol, fetching live content from the internet introduces an external dependency that could be exploited if those sources were compromised.
  • COMMAND_EXECUTION (LOW): The utility script scripts/connections.py uses the mcp library's stdio_client to spawn subprocesses. This allows the agent to run and test local MCP servers. While this is the intended primary purpose of the skill, it represents a capability to execute arbitrary commands on the host system.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill's architecture for fetching remote documentation creates an attack surface for indirect prompt injection.
      • Ingestion points: Remote markdown files are fetched in SKILL.md via WebFetch.
      • Boundary markers: None; fetched content is integrated directly into the agent's context without delimiters or 'ignore' warnings.
      • Capability inventory: The skill can execute local commands (connections.py) and perform network requests (via SSE/HTTP transports).
      • Sanitization: None; the skill does not implement validation or filtering for the external documentation it retrieves.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:40 PM