The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The file scripts/connections.py implements the MCPConnectionStdio class which wraps mcp.client.stdio.stdio_client. This class accepts a command and args parameter from the caller and executes it as a subprocess on the host system.
[REMOTE_CODE_EXECUTION] (HIGH): The skill instructions in SKILL.md (Phase 3.2) guide the agent to perform build and test operations using shell commands such as npm run build and npx @modelcontextprotocol/inspector. When these parameters are derived from external documentation found during Phase 1, it enables an RCE path.
[EXTERNAL_DOWNLOADS] (LOW): The skill directs the agent to fetch content from modelcontextprotocol.io and raw.githubusercontent.com. While these are considered trusted sources under [TRUST-SCOPE-RULE] for the download itself, the content ingested directly influences high-privilege operations (command execution).
[PROMPT_INJECTION] (HIGH): The skill has a significant indirect prompt injection surface. Ingestion points: Uses WebFetch to read external API docs and GitHub READMEs (SKILL.md). Boundary markers: Absent; there are no instructions to help the agent distinguish between hard protocols and instructions found in external data. Capability inventory: Command execution via scripts/connections.py and direct shell usage. Sanitization: Absent; the skill lacks any validation or filtering of external content before use in configuration or execution.

mcp-builder