audit-agentic-mcp
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a diagnostic gateway for developers working with MCP. Its primary activities involve codebase exploration, scoring tool designs, and routing to implementation-focused companion skills.
- [PROMPT_INJECTION]: The documentation includes examples of prompt injection attacks (such as instructions to ignore safety guidelines or exfiltrate data) in references/patterns/security.md and references/patterns/threat-catalog.md.
  - These examples are clearly labeled as threat patterns for the agent to identify and mitigate during its auditing process.
  - They do not represent attempts to subvert the host agent's instructions.
- [COMMAND_EXECUTION]: The skill provides and uses local shell scripts (scripts/audit-mcp-server.sh and scripts/measure-context-budget.sh) for static analysis.
  - These scripts use standard system utilities like grep, rg (ripgrep), and awk to perform read-only searches for pattern matching (e.g., counting tool definitions or estimating token counts).
  - The execution is restricted to the target directory provided by the user for auditing purposes.
- [EXTERNAL_DOWNLOADS]: The skill references numerous official GitHub repositories and documentation sites for trusted services like Stripe, GitHub, Cloudflare, and Notion. These references are used for educational purposes and to provide architecture exemplars, and they do not involve downloading or executing untrusted code.
Audit Metadata