mcp-inspector

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a specialized utility for auditing MCP servers. It provides a structured workflow for security professionals to evaluate authentication flows, tool exposure, and protocol compliance.
  • [COMMAND_EXECUTION]: The skill uses mcpjam-cli, a command-line tool for interacting with MCP servers. These commands (e.g., server probe, oauth login, tools list) are used as intended for diagnostic and auditing purposes. The instructions emphasize validating raw RPC evidence and using formal CLI outputs.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill involves analyzing OAuth metadata and access tokens. This data is processed locally within the context of an audit and is not exfiltrated to unauthorized external domains. The instructions include guidance on redacting secrets in debug artifacts.
  • [INDIRECT_PROMPT_INJECTION]: The skill represents an analysis surface where the agent processes untrusted output from external MCP servers.
    • Ingestion points: Data enters the system via output from mcpjam-cli commands that query external servers.
    • Boundary markers: The skill explicitly instructs the agent to separate server-provided data from CLI-normalized convenience fields and to trust raw RPC logs over human-readable summaries.
    • Capability inventory: The agent can execute several mcpjam-cli subcommands to probe servers, authenticate, and list server resources.
    • Sanitization: The skill advises a 'default stance' of conservative interpretation, requiring MUST/SHOULD/MAY spec mapping and prohibiting the labeling of findings as 'high' without concrete evidence of attacker benefit.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 01:28 AM