mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The scripts/connections.py file contains an MCPConnectionStdio class that enables the execution of arbitrary system commands. The create_connection factory function allows the agent to start processes with specified commands and arguments. Furthermore, SKILL.md instructs the agent to run npm run build and npx @modelcontextprotocol/inspector, which are vectors for executing code on the host system.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's workflow (Phases 1.2 and 1.3) fetches content from external URLs such as modelcontextprotocol.io using WebFetch. While GitHub is a trusted source, other external domains pose a risk of supplying malicious instructions via indirect prompt injection.
  • DATA_EXFILTRATION (MEDIUM): The MCPConnectionSSE and MCPConnectionHTTP classes in scripts/connections.py provide the capability to establish outbound network connections and send data to arbitrary remote servers. This could be used to exfiltrate sensitive information accessed by the agent.
  • PROMPT_INJECTION (HIGH): The skill has a large surface for indirect prompt injection (Category 8). It ingests untrusted data from documentation URLs and from the tool outputs of the servers it creates. Because the skill also has command execution capabilities (via the stdio transport) and applies no sanitization or boundary markers, a malicious input could take control of the agent's actions on the host machine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:36 AM