mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/connections.py file implements the MCPConnectionStdio class, which uses the mcp library to spawn subprocesses. It accepts a command string and an args list, so it can execute any system command. This is core functionality for local MCP development, but it is a high-privilege capability that is not sandboxed or otherwise constrained.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructions in SKILL.md direct the agent to fetch remote content using WebFetch from modelcontextprotocol.io and GitHub. Additionally, it recommends using npx @modelcontextprotocol/inspector, which downloads and executes a Node.js package at runtime. Since the modelcontextprotocol organization is not explicitly on the trusted list, these are treated as unverifiable remote dependencies.
  • [DATA_EXPOSURE] (LOW): The connection utility in scripts/connections.py allows passing environment variables to spawned processes. This is intended for authentication (API keys) but could be misused to expose sensitive environment data if the agent is tricked into running a malicious command or using an untrusted environment.
  • [PROMPT_INJECTION] (LOW): The workflow relies heavily on the agent ingesting external documentation and API specifications. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in external docs or API schemas could hijack the agent's behavior during the MCP server construction process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 12:25 PM