NYC

capacitor-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs users to run npx -y awesome-ionic-mcp@latest in multiple configuration examples (Claude, Cline, Cursor). This downloads and executes code from an external npm package at runtime. The package and its author (Tommertom) are not on the trusted sources list.
  • COMMAND_EXECUTION (HIGH): The skill documentation describes tools that perform automated CLI command execution, such as ionic_build, ionic_repair, capacitor_sync, and capacitor_run. These tools allow an AI agent to execute complex system commands which could be manipulated to perform unauthorized actions if the agent is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): The server is noted to make over 160 GitHub API calls during initialization and uses Puppeteer to fetch documentation from various external domains (ionicframework.com, capawesome.io, capgo.app). This creates a broad attack surface for indirect prompt injection if those sources are compromised.
  • CREDENTIALS_UNSAFE (LOW): The skill encourages users to hardcode a GITHUB_TOKEN into the MCP configuration file. While this is for rate limiting, it promotes storing sensitive credentials in plain text configuration files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill fetches component definitions and plugin documentation from multiple external websites. Malicious content on these sites could potentially influence the AI agent's behavior.
      • Ingestion points: ionicframework.com, capacitorjs.com, capgo.app, GitHub API.
      • Boundary markers: None mentioned for external data fetching.
      • Capability inventory: Full Ionic and Capacitor CLI command execution via subprocess.
      • Sanitization: Not specified in the skill description.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:40 PM