The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were detected. The skill's components are consistent with its documented purpose.\n- [EXTERNAL_DOWNLOADS]: The setup script installs the 'mcporter' utility from the NPM registry. This is a functional dependency used to manage and register MCP services locally.\n- [COMMAND_EXECUTION]: Local shell commands in setup.sh are used to register the Tencent Docs service and verify its status. These operations are limited to local configuration management.\n- [CREDENTIALS_UNSAFE]: The skill utilizes a user-provided environment variable (TENCENT_DOCS_TOKEN) for API authentication. This is a standard practice for MCP skills, and no sensitive credentials are hardcoded.\n- [DATA_EXFILTRATION]: All network communication is restricted to official Tencent Docs infrastructure (docs.qq.com), with no evidence of unauthorized data transfer to third-party domains.\n- [PROMPT_INJECTION]: The skill can read document content through the get_content tool, which represents an indirect prompt injection surface. However, the skill does not contain instructions to process this data unsafely or override agent instructions.

tencent-docs