mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The scripts/connections.py file contains the MCPConnectionStdio class, which utilizes mcp.client.stdio.stdio_client to launch subprocesses. If command parameters are derived from untrusted external documentation or agent-generated configurations without strict validation, it enables arbitrary command execution.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Category 8 (Indirect Prompt Injection). Ingestion points: SKILL.md directs the agent to fetch content from modelcontextprotocol.io, GitHub, and arbitrary API docs using WebFetch. Boundary markers: No delimiters or safety instructions are provided to isolate this external data. Capability inventory: The skill possesses process execution capabilities (stdio_client) and network access, while also instructing the agent to run build and test commands like npm run build and npx. Sanitization: There is no logic or instruction to sanitize the ingested external data before it influences the agent's actions.
  • [REMOTE_CODE_EXECUTION] (HIGH): The guide recommends executing unpinned remote packages. Evidence: Phase 3.2 in SKILL.md instructs running npx @modelcontextprotocol/inspector, which downloads and executes code from the npm registry at runtime. Since this source is not in the trusted whitelist, it constitutes a risk of executing malicious code if the registry or package is compromised.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill frequently fetches content from remote URLs. Evidence: Documentation and SDK files are retrieved from raw.githubusercontent.com and official protocol domains. While the domains are reputable, the reliance on dynamic remote content for core logic without integrity checks is a security concern.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:27 AM