The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The file scripts/connections.py implements the MCPConnectionStdio class, which uses stdio_client from the mcp library to execute local processes based on a command and args provided at runtime.
Evidence: The create_connection factory function allows the agent to instantiate this class with arbitrary command strings, creating a vector for local command execution if the agent is influenced by malicious instructions.
EXTERNAL_DOWNLOADS (LOW): The SKILL.md file instructs the agent to fetch various external resources to 'study' the protocol.
Evidence: Instructions in Phase 1.2 and 1.3 direct the agent to fetch https://modelcontextprotocol.io/sitemap.xml and README files from https://raw.githubusercontent.com/modelcontextprotocol/. While these are legitimate documentation sources for the topic, fetching remote content into the prompt context always carries a minor risk.
INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a documented attack surface for indirect injection as it processes untrusted data from external URLs.
Evidence Chain:
Ingestion points: SKILL.md Phase 1.2, 1.3, and 1.4 (fetching sitemaps, SDK READMEs, and API documentation).
Boundary markers: Absent; instructions do not specify using delimiters for the fetched content.
Capability inventory: scripts/connections.py provides the ability to execute local subprocesses (stdio) and perform network operations (http, sse).
Sanitization: Absent; the skill does not include steps to sanitize or filter the fetched documentation before it is read by the LLM.

mcp-builder