
mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The MCPConnectionStdio class enables the execution of arbitrary system commands through the MCP standard input/output transport.
      ◦ Evidence: Found in scripts/connections.py within the _create_context method: stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env)).
      ◦ Risk: If the command or args are dynamically populated from user-controlled data or untrusted LLM output, this leads to arbitrary command injection on the host system. The severity is lowered to MEDIUM because this is the primary intended function of an MCP stdio connector.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill provides mechanisms to connect to remote servers via HTTP and Server-Sent Events (SSE).
      ◦ Evidence: Found in scripts/connections.py via the MCPConnectionSSE and MCPConnectionHTTP classes, which use sse_client(url=self.url) and streamablehttp_client(url=self.url).
      ◦ Risk: Enables network communication with arbitrary endpoints, which could be used for data exfiltration or for connecting to malicious MCP servers that provide harmful tool definitions.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an attack surface for indirect prompt injection via tool output.
      ◦ Ingestion points: scripts/connections.py via the call_tool method, which returns result.content from external MCP servers.
      ◦ Boundary markers: Absent. There are no delimiters or instructions to the agent to treat MCP tool output as untrusted data.
      ◦ Capability inventory: The skill can execute local subprocesses and perform network operations.
      ◦ Sanitization: Absent. The content returned from external servers is passed back to the agent without filtering or validation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:26 PM