The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's core functionality involves launching subprocesses using commands and arguments defined in the local .claude/.mcp.json configuration file. This is implemented in scripts/mcp-client.ts using the StdioClientTransport from the MCP SDK to manage server lifecycles.\n- [EXTERNAL_DOWNLOADS]: The documentation (README.md and reference guides) provides instructions for installing third-party tools like gemini-cli and various official MCP servers (e.g., @modelcontextprotocol/server-memory) using standard package managers like npm and npx.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it retrieves tool and prompt metadata from external MCP servers and saves it to assets/tools.json. This content is then used by the AI agent for decision-making.\n
Ingestion points: Metadata is ingested in scripts/mcp-client.ts via the listTools, listPrompts, and listResources methods.\n
Boundary markers: No explicit boundary markers or safety instructions are applied to the server-provided metadata before it is stored or presented to the agent.\n
Capability inventory: The skill can execute shell commands for server initialization and perform file operations such as writing to the assets directory.\n
Sanitization: The skill does not validate or sanitize the descriptions or schemas provided by the remote MCP servers before saving them locally.

mcp-management