noverload
Audited by Gen Agent Trust Hub on Feb 13, 2026
The skill utilizes npx -y noverload-mcp@latest (SKILL.md, lines 7-8) to download and execute a JavaScript package. This package, noverload-mcp, is not hosted by any of the trusted GitHub organizations, meaning its source code cannot be verified by this analysis. The use of npx with the -y flag automatically confirms the installation and execution of this external code, creating a direct COMMAND_EXECUTION vulnerability. A malicious or compromised version of noverload-mcp could execute arbitrary commands on the user's system.
Furthermore, this unverified code handles a sensitive NOVERLOAD_TOKEN (personal access token) which is passed as an environment variable (SKILL.md, line 10). If the noverload-mcp package were malicious, it could exfiltrate this token or other sensitive data to an attacker-controlled server, leading to DATA_EXFILTRATION and CREDENTIALS_UNSAFE concerns.
The skill also processes various forms of external content: YouTube transcripts, articles, Reddit, X posts, and PDFs (SKILL.md, line 20). This makes it susceptible to INDIRECT_PROMPT_INJECTION if the processed content contains malicious instructions; this is an informational risk for skills that ingest untrusted external data.
- AI detected serious security threats