mcp-light-generator
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests tool descriptions and schemas from external, potentially untrusted MCP servers via the ToolSearch capability. If an external description contains malicious instructions, the agent might execute them during the generation phase.
  • Ingestion points: external tool definitions retrieved via ToolSearch in Step 2.
  • Boundary markers: none present.
  • Capability inventory: file writing (server.py, SKILL.md) and command suggestion for installation.
  • Sanitization: no validation or escaping is performed on the ingested descriptions before processing.
Audit Metadata