mcp-documentation-server

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the @andrea9293/mcp-documentation-server package from the public NPM registry as part of its installation and execution process.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to fetch and execute code from the NPM registry. This is the standard delivery method for this MCP server but entails running code from a remote source.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it indexes local documents (PDF, Markdown, and Text files) that are then used as search context for the agent. This could allow instructions embedded within user-provided files to influence the AI's behavior during analysis.
  • Ingestion points: Files are read from the ~/.mcp-documentation-server/uploads/ directory using the process_uploads tool.
  • Boundary markers: The skill documentation does not describe any boundary markers or instructions to isolate document content from agent commands.
  • Capability inventory: The search_documents_with_ai tool passes document content to the Gemini AI model to generate responses based on the documentation context.
  • Sanitization: No sanitization or filtering of the document content is mentioned in the tool descriptions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 06:40 PM
Security Audit — agent-trust-hub — mcp-documentation-server