The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill employs a dangerous execution pattern by instructing the agent to download and run a shell script directly from GitHub (https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh) using curl | sh. This pattern bypasses verification of the script's contents before execution. This instruction appears in the prerequisites of the main SKILL.md and is also embedded in references/skill-template.md, ensuring that any skill generated by this tool will continue to use this unverified execution method.
[COMMAND_EXECUTION]: The skill relies on the execution of the mh CLI tool to perform discovery and invocation tasks. Specifically, the 'Stdio mode' described in the workflow executes arbitrary commands (mh list --stdio -- cmd args ...) provided as part of the MCP server configuration.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing data from external MCP servers.
Ingestion points: External data enters the context through mh list calls to remote URLs or provided config files as seen in SKILL.md.
Boundary markers: No boundary markers or protective instructions are used when interpolating external tool data into the generated skill templates.
Capability inventory: The skill can perform file system writes (creating new skill directories and SKILL.md files) and execute shell commands via the mh utility.
Sanitization: There is no evidence of sanitization or validation of the names, descriptions, or tool schemas retrieved from MCP servers before they are used to generate new skill files.

mcp-skill-gen