mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's core workflow relies on ingesting untrusted data from external sources to drive the subsequent code generation and execution phases.
      ◦ Ingestion points: The agent is instructed to fetch documentation from modelcontextprotocol.io, GitHub, and arbitrary third-party service API documentation (Phase 1.2, 1.3, and 1.4).
      ◦ Capability inventory: The agent performs code generation (Phase 2) and subsequently executes build/test commands including npm run build, python -m py_compile, and npx @modelcontextprotocol/inspector (Phase 3.2).
      ◦ Sanitization: No sanitization or boundary markers are defined for the external content before it is used to influence agent decisions.
      ◦ Risk: An attacker-controlled documentation page or API specification could inject instructions that cause the agent to generate backdoored code or execute malicious shell commands during the Phase 3 testing process.
  • Remote Code Execution (HIGH): The skill directs the user/agent to execute code directly from a remote source via npx, from an organization not listed as a trusted source.
      ◦ Evidence: Phase 3.2 instructs the execution of npx @modelcontextprotocol/inspector.
      ◦ Risk: If the npm package is compromised, or if the organization name is typo-squatted, the result is immediate code execution on the host.
  • External Downloads (MEDIUM): The skill fetches several remote files from GitHub and other domains that are not part of the defined trusted organizations list.
      ◦ Evidence: URLs pointing to raw.githubusercontent.com/modelcontextprotocol/... and modelcontextprotocol.io.
  • Command Execution (LOW): The skill requires the ability to execute shell commands to compile and verify code.
      ◦ Evidence: Usage of npm run build and python -m py_compile.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:44 PM