mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts/connections.py file implements a stdio transport layer that executes local commands and arguments via stdio_client. This provides a mechanism for local subprocess execution which, while functional for MCP servers, lacks input sanitization if parameters are derived from untrusted sources.
  • EXTERNAL_DOWNLOADS (MEDIUM): The SKILL.md instructions direct the agent to fetch documentation and SDK READMEs from the modelcontextprotocol GitHub organization and website via WebFetch. As this organization is not on the provided trusted list, these fetches are classified as unverified external downloads of instructions.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill recommends using npx @modelcontextprotocol/inspector for testing. The npx command downloads and executes third-party packages from the npm registry at runtime, which bypasses static security checks of the skill's local files.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by ingesting external data.
      - Ingestion points: SKILL.md uses WebFetch to load content from modelcontextprotocol.io and raw.githubusercontent.com.
      - Boundary markers: Absent. The agent is instructed to load external resources directly into its context.
      - Capability inventory: Subprocess execution via stdio transport in connections.py and package execution via npx in SKILL.md (Phase 3.2).
      - Sanitization: None. The skill does not implement validation or escaping for external content before interpolation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 03:55 PM