
mcp-builder

Status: Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file scripts/connections.py implements a wrapper for the MCP stdio transport which enables the execution of arbitrary system commands through subprocesses. Although this is a core requirement for local MCP server integration, it provides the agent with high-privilege access to the underlying system. Evidence: stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env)) in scripts/connections.py.
  • EXTERNAL_DOWNLOADS (LOW): The SKILL.md file directs the agent to fetch documentation and resource files from modelcontextprotocol.io and GitHub repositories under the modelcontextprotocol organization. These sources are not included in the pre-approved list of trusted external sources, although they are the official providers for this protocol. Evidence: WebFetch instructions in Phase 1.2 and 1.3 of SKILL.md.
  • REMOTE_CODE_EXECUTION (LOW): The implementation guide in SKILL.md recommends using npx @modelcontextprotocol/inspector for testing. Using npx involves downloading and executing packages from the npm registry at runtime, which is a form of remote code execution.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has a significant attack surface for indirect prompt injection because it is designed to ingest and process documentation from external, non-trusted websites and then perform actions (like command execution) based on that content. Mandatory Evidence Chain:
    1. Ingestion points: SKILL.md instructions to fetch external URLs.
    2. Boundary markers: Absent.
    3. Capability inventory: Command execution via scripts/connections.py.
    4. Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:04 PM