mcp-builder
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py uses the mcp library's stdio_client to execute local commands. The command and arguments are accepted as variables through the create_connection factory function. If these parameters are derived from untrusted agent outputs or user input without strict sanitization, it could lead to arbitrary command execution on the host machine.
- EXTERNAL_DOWNLOADS (LOW): The MCPConnectionSSE and MCPConnectionHTTP classes enable outbound network connections to arbitrary URLs using Server-Sent Events or Streamable HTTP. While this is a standard feature of the MCP protocol, it provides a channel for potential network-based attacks or unauthorized data transmission if the target URLs are not restricted to trusted domains.
Audit Metadata