test-mcp-server

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill relies on downloading and executing the @mcp-use/inspector package via npx, which is an external dependency from an unverified source not listed among trusted vendors. Evidence: SKILL.md, references/basic-test-guide.md.
  • [REMOTE_CODE_EXECUTION]: The use of npx @mcp-use/inspector facilitates the download and execution of remote code on the host system at runtime. Evidence: SKILL.md, references/inspector-api.md.
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to prompt the user for sensitive LLM API keys (OpenAI, Anthropic, Google, or OpenRouter) and save them to a local .env file, increasing the risk of credential exposure. Evidence: references/llm-test-guide.md, references/providers.md.
  • [COMMAND_EXECUTION]: Several shell commands (npx, curl, jq) interpolate user-provided inputs such as the MCP server URL directly into arguments without explicit sanitization, creating a potential command injection vector. Additionally, the troubleshooting guide suggests disabling SSL verification (NODE_TLS_REJECT_UNAUTHORIZED=0). Evidence: references/basic-test-guide.md, references/troubleshooting.md.
  • [DATA_EXFILTRATION]: User-provided API keys are transmitted to the local inspector service and subsequently to external LLM provider endpoints such as api.openai.com or openrouter.ai. Evidence: references/llm-test-guide.md, references/providers.md.
  • [PROMPT_INJECTION]: The skill's workflow involves passing untrusted data from MCP tool and resource outputs directly into LLM prompts without boundary markers or sanitization, creating an attack surface for indirect prompt injection. Evidence: references/llm-test-guide.md, references/business-cases.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 08:05 PM