converting-mcps-to-skills
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/mcp-stdio.ts provides a generic interface for executing system commands as subprocesses. It parses command strings and uses the @modelcontextprotocol/sdk to establish stdio-based communication with external tools.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of dependencies and tools from well-known services. It uses the NPM registry to install @modelcontextprotocol/sdk and references official MCP server implementations (e.g., from the @modelcontextprotocol organization) in its documentation and examples.
- [REMOTE_CODE_EXECUTION]: By integrating with the Model Context Protocol, the skill enables the agent to interact with and execute code from MCP servers. This includes examples of running servers directly via npx, which involves dynamic retrieval and execution of external packages.
- [DATA_EXFILTRATION]: The scripts/mcp-http.ts script allows the agent to make HTTP POST requests to arbitrary URLs. While intended for JSON-RPC communication, this mechanism could be used to transmit data to external network endpoints.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes data from external MCP servers without sanitization before returning it to the agent context.
  - Ingestion points: Tool call results and resource content retrieved in scripts/mcp-http.ts and scripts/mcp-stdio.ts.
  - Boundary markers: Absent. The scripts do not use delimiters or instructions to help the agent distinguish between data and instructions.
  - Capability inventory: Extensive capabilities, including arbitrary shell command execution and network access.
  - Sanitization: None. The scripts perform no validation or filtering on data received from external servers.
Audit Metadata