using-mcp

SUSPICIOUS: The core MCP discovery/call workflow matches the stated purpose, but the skill’s trust boundary is broad. Its main risk is that it lets the agent add arbitrary stdio or HTTP MCP servers, forward env vars to them, and execute unpinned third-party server packages; that is proportionate to MCP administration but materially expands supply-chain and credential exposure.