mcp-builder

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The evaluation harness provides the capability to execute system commands to launch MCP servers during testing.
    ◦ Evidence: In scripts/connections.py, the MCPConnectionStdio class uses the mcp library's stdio_client to spawn a subprocess using the command and args parameters provided via the command line in scripts/evaluation.py.
    ◦ Context: This is an intended feature for local server testing and development.
  • [PROMPT_INJECTION]: The scripts/evaluation.py script possesses an attack surface for indirect prompt injection from external data sources.
    ◦ Ingestion points: The script reads test questions from a user-provided XML file and accepts tool results from the MCP server being evaluated.
    ◦ Boundary markers: Absent. The external content is appended to the message history without delimiters or instructions to ignore embedded commands.
    ◦ Capability inventory: The script can execute subprocesses (via stdio transport), perform network operations (via SSE/HTTP transport), and access the Anthropic API.
    ◦ Sanitization: Absent. Content is passed to the model without validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and scripts reference official repositories for documentation and dependencies.
    ◦ Evidence: SKILL.md contains links to modelcontextprotocol.io and the modelcontextprotocol GitHub organization for specifications and SDK READMEs.
    ◦ Context: These are well-known technology sources and the downloads are for legitimate development resources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 04:54 PM