
smithery

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Credentials Unsafe (MEDIUM): The command smithery auth whoami --server starts an unauthenticated local HTTP server on port 4260 that serves the Smithery API key.
      • Evidence: File references/AUTH.md explains this feature, which makes the sensitive API key accessible to any process or script on the local machine without authentication.
  • Remote Code Execution (MEDIUM): The skill's primary function is to connect to and execute logic from remote servers.
      • Evidence: references/CONNECT.md describes the smithery tool call command, which runs tools provided by remote MCP servers.
  • External Downloads (LOW): The skill installs software and third-party skills from untrusted sources.
      • Evidence: SKILL.md instructs the user to install @smithery/cli via npm, and references/SKILLS.md describes adding third-party skills via smithery skill add.
  • Indirect Prompt Injection (LOW): The skill processes data from external tools which could contain malicious instructions.
      • Ingestion points: Outputs from smithery tool call as described in references/CONNECT.md.
      • Boundary markers: None mentioned in the documentation for tool output handling.
      • Capability inventory: Includes subprocess command execution via the Smithery CLI across multiple reference files.
      • Sanitization: No evidence of sanitization or validation of tool output before it is returned to the agent context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:30 PM