
mcp-cli

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill establishes a surface for indirect prompt injection by ingesting data from external, potentially untrusted sources via MCP servers.
  • Ingestion points: Data returned by mcp-cli commands, such as file contents from read_file or responses from external APIs.
  • Boundary markers: Absent; the tool does not appear to use specific delimiters or instructions to treat tool output as untrusted content.
  • Capability inventory: The tool can read files, search directories, and execute arbitrary MCP tools which may include write permissions depending on the server configuration.
  • Sanitization: No evidence of sanitization or filtering of external data is present in the skill definition.
  • Command Execution (SAFE): The examples provided in the documentation show advanced usage including piping data to sh -c and using xargs. These are presented as legitimate usage patterns for a developer-oriented CLI tool and do not represent a hidden attack vector.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:59 PM