mcp-management

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill spawns subprocesses to run MCP servers according to the user-defined configuration in .claude/.mcp.json. Evidence: The scripts/mcp-client.ts file uses the @modelcontextprotocol/sdk to create a StdioClientTransport instance for each configured server.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends using official package managers to install and run MCP server packages. Evidence: Instructions in README.md and references/configuration.md suggest using npm install for local scripts and npx for executing remote servers such as @modelcontextprotocol/server-memory.
  • [REMOTE_CODE_EXECUTION]: Facilitates running remote code by providing configuration patterns and commands that use npx to fetch and execute packages from the NPM registry. Evidence: The integration guides provide examples for running various MCP servers directly via npx.
  • [PROMPT_INJECTION]: The skill handles data from external MCP servers, which constitutes an attack surface for indirect prompt injection. Ingestion points: Tool definitions, prompts, and resource contents are retrieved from external servers in scripts/mcp-client.ts. Boundary markers: The skill includes a GEMINI.md file that enforces structured JSON response formatting for the Gemini CLI, reducing natural-language ambiguity. Capability inventory: Depending on the configured servers, the skill can execute commands, access the file system, and perform network operations. Sanitization: While the skill uses structured JSON communication, it does not apply specific content filtering to the data returned by the servers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 02:58 PM