converting-mcps-to-skills
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `mcp-stdio.ts` script is designed to spawn child processes to run MCP servers using commands provided by the agent or user. This is the primary intended functionality of the skill.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading and executing official MCP server implementations and the `@modelcontextprotocol/sdk` via standard package managers like `npm` and `npx`. These are well-known resources within the MCP ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill processes tool schemas and execution results from external MCP servers, creating a potential surface for indirect injection if a server provides malicious content.
  - Ingestion points: Data is ingested through HTTP response bodies in `mcp-http.ts` and standard output streams in `mcp-stdio.ts` from external servers.
  - Boundary markers: The skill does not implement explicit delimiters or warnings to the agent to ignore instructions embedded within the tool data received from servers.
  - Capability inventory: The skill possesses the ability to execute shell commands, perform network requests, and generate new skill files.
  - Sanitization: The scripts pass the raw JSON data received from the external servers directly to the agent without filtering or sanitization of string content.
Audit Metadata