mcp-installer

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx @smithery/cli to install servers and utilizes rg (ripgrep) to discover existing configuration files on the filesystem.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and executes the @smithery/cli package from the npm registry using npx. While Smithery is a recognized service in the MCP ecosystem, this involves running code from a remote repository at runtime.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted MCP server configurations.
      • Ingestion points: The skill gathers MCP server definitions (JSON objects) from the user or the session context in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or escape instructions embedded within the server configuration data.
      • Capability inventory: The skill has the ability to write to sensitive application configuration files (e.g., claude_desktop_config.json, cline_mcp_settings.json) and execute commands via npx.
      • Sanitization: While the skill specifically checks for sensitive fields such as API keys and tokens, it does not validate the safety of the command or args fields in the server definitions, which could allow an attacker to persist malicious shell commands in the user's AI client configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:59 AM