cocos-creator-mcp-server

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The installation instructions direct the user to clone a repository from GitHub (DaxianLee/cocos-mcp-server). This introduces an external dependency on code from a source outside of the primary vendor or trusted organization list.
  • [COMMAND_EXECUTION]: The skill documents several shell commands for installation and troubleshooting, including git clone, netstat, and curl. These are used for setup and verifying local connectivity to the MCP server.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting and processing data from the external Cocos Creator environment.
    • Ingestion points: Tools such as node_query and asset_query retrieve node names and metadata, while debug_console reads console logs which could contain attacker-controlled content.
    • Boundary markers: The instructions do not define boundary markers or delimiters to differentiate between retrieved data and agent instructions.
    • Capability inventory: The skill provides high-privilege capabilities including project building and execution (project_manage), file deletion (asset_operations), and scene modification (node_lifecycle).
    • Sanitization: No validation or sanitization steps are documented for the data retrieved from the editor before it is returned to the agent context.
  • [DATA_EXFILTRATION]: The skill utilizes local network communication (http://127.0.0.1:3000) for its transport mechanism. This address is whitelisted and aligns with the expected architecture for a local MCP server.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 07:58 PM