mcp-builder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The file scripts/connections.py contains the MCPConnectionStdio class, which wraps mcp.client.stdio.stdio_client. This class is designed to spawn subprocesses using a user-provided command and args. This represents a high-risk capability if the agent is directed to use this connection factory with malicious input.
  • REMOTE_CODE_EXECUTION (HIGH): In SKILL.md (Phase 3.2), the instructions tell the agent to run npx @modelcontextprotocol/inspector, which downloads and executes code from the npm registry. Additionally, the skill's workflow relies on fetching implementation instructions from external websites and then executing local code, a pattern that significantly increases the risk of remote code execution.
  • EXTERNAL_DOWNLOADS (LOW): The skill references and encourages the use of content from modelcontextprotocol.io and raw.githubusercontent.com. While these are documentation sources, they are not on the explicitly trusted organization list, and they provide the primary instructions for the agent's code generation tasks.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it lacks security boundaries for external data.
    • Ingestion points: SKILL.md instructs the agent to fetch protocol specifications and READMEs via WebFetch.
    • Boundary markers: No delimiters or safety warnings are provided to prevent the agent from following instructions embedded in the fetched documentation.
    • Capability inventory: scripts/connections.py provides full subprocess execution via the stdio transport.
    • Sanitization: There is no validation or sanitization of the command strings or arguments before they are passed to the system shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:56 PM