mcporter

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands through the --stdio flag (e.g., mcporter list --stdio "..." and mcporter call --stdio "..."). If an attacker can influence the command string passed to these flags, it leads to direct command injection.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to run the mcporter package without installation and encourages the use of npx to run remote MCP servers (e.g., @modelcontextprotocol/server-filesystem). Additionally, the generate-cli command creates executable wrappers from remote URLs, which could introduce untrusted code into the local environment.
  • [EXTERNAL_DOWNLOADS]: The tool is designed to connect to and fetch data from arbitrary MCP servers via HTTP URLs (e.g., mcporter list --http-url https://some-mcp-server.com). This could be used to interact with malicious endpoints or exfiltrate data processed by the agent.
  • [DATA_EXFILTRATION]: The skill includes commands to manage and retrieve configuration keys (mcporter config get <key>) and perform OAuth authentication. These capabilities could be abused to expose or exfiltrate sensitive credentials and configuration data if the agent is prompted to do so by a malicious source.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external MCP servers and tools, which act as an ingestion point for untrusted content.
    ◦ Ingestion points: Outputs from mcporter call (HTTP or stdio) and server discovery data.
    ◦ Boundary markers: Absent; there are no instructions to the agent to treat MCP tool outputs as untrusted.
    ◦ Capability inventory: Extensive; includes shell command execution via --stdio, network access via --http-url, and local configuration modification.
    ◦ Sanitization: Absent; the skill does not specify any validation or filtering of content returned from MCP servers before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 05:50 PM