skills/b-open-io/prompts/mcp-apps/Gen Agent Trust Hub


Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill content is purely educational, providing documentation, architecture diagrams, and boilerplate code for implementing the MCP Apps extension. No malicious patterns or behaviors were detected.
  • [EXTERNAL_DOWNLOADS]: The skill references official packages and repositories from the Model Context Protocol organization. These include '@modelcontextprotocol/ext-apps' and '@modelcontextprotocol/sdk', which are standard dependencies for this technology. It also suggests using 'cloudflared' for local testing, which is a well-known service for development tunnels.
  • [COMMAND_EXECUTION]: Includes standard terminal commands for project setup, dependency management, and building assets. Examples provided include 'npm install', 'vite build', and 'npx skills add'. These are common development workflows and are used here for bootstrapping new projects.
  • [INDIRECT_PROMPT_INJECTION]: The documentation describes how UIs can interact with the agent via 'app.updateModelContext'. This is a core architectural feature of the protocol. The skill explicitly details the security model, including iframe sandboxing and Content Security Policy (CSP) enforcement, to mitigate risks associated with untrusted UI content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:57 AM