mcp-builder

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/connections.py and scripts/evaluation.py files implement functionality to spawn subprocesses on the local system. Specifically, the MCPConnectionStdio class uses the stdio_client to execute commands provided via CLI arguments. While intended for testing local MCP servers, this provides a direct path for arbitrary command execution on the host.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file directs the agent to fetch documentation and SDK information from the official modelcontextprotocol organization on GitHub. These references are used to provide the agent with the necessary context for server implementation and are documented as trusted sources.
  • [PROMPT_INJECTION]: The scripts/evaluation.py script ingests data from external XML files (qa_pair elements) and tool responses, which are then fed directly into the LLM context. This creates an indirect prompt injection vulnerability where malicious data from a tested API or a crafted evaluation file could influence the agent's behavior during the evaluation loop.
      • Ingestion points: scripts/evaluation.py reads from XML files via parse_evaluation_file and tool outputs via connection.call_tool.
      • Boundary markers: The script uses XML tags like <summary>, <feedback>, and <response> to structure the agent's output, but it does not apply strict delimiters or 'ignore instructions' guards to the untrusted tool data being read.
      • Capability inventory: The skill can execute local commands via stdio transport and make network requests via SSE/HTTP transports and the Anthropic API.
      • Sanitization: The script performs JSON encoding for structured tool results but does not sanitize or filter the content of strings returned by tools before inclusion in the prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 11:41 AM