mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file scripts/connections.py implements a stdio transport mechanism via the MCPConnectionStdio class. This allows for the execution of arbitrary system commands provided as the command argument. While necessary for MCP local server testing, it provides a direct execution vector.
  • REMOTE_CODE_EXECUTION (MEDIUM): In SKILL.md (Phase 3.2), the instructions suggest running npx @modelcontextprotocol/inspector. This command downloads and executes code from the npm registry at runtime, which is an unverifiable dependency pattern.
  • EXTERNAL_DOWNLOADS (LOW): The skill frequently uses WebFetch to download documentation from raw.githubusercontent.com and modelcontextprotocol.io. These sources are not on the explicitly trusted list provided in the security skill configuration, creating a dependency on external, unvalidated content.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect injection.
      - Ingestion points: SKILL.md Phase 1.3 and 1.4 ingest data from external GitHub repositories using WebFetch.
      - Boundary markers: Absent; there are no instructions to the agent to treat the fetched documentation as untrusted or to ignore embedded instructions.
      - Capability inventory: The skill includes the ability to execute shell commands (via connections.py) and perform network operations.
      - Sanitization: Absent; the agent is expected to read and act upon the content of the external markdown files without validation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 07:11 AM