build-mcp-sdk

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a high-quality development guide for the official Model Context Protocol (MCP) ecosystem. It does not contain malicious code, obfuscation, or unauthorized data access patterns.
  • [DATA_EXPOSURE]: The skill explicitly teaches against hardcoded credentials. It provides safe patterns for using environment variables for API keys and database URLs. Illustrative examples of 'bad' practices use generic placeholders and are clearly labeled as anti-patterns.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard development CLI tools (npm, npx, tsc) and to build local server processes. These operations are within the expected scope of a developer-oriented skill and target trusted tools like the MCP inspector.
  • [EXTERNAL_DOWNLOADS]: Dependencies mentioned (e.g., @modelcontextprotocol/sdk, zod, express) are well-known, official, and industry-standard packages from trusted registries.
  • [INDIRECT_PROMPT_INJECTION]: The skill addresses indirect prompt injection by mandating Zod schemas for all tool inputs and providing specific code patterns for sanitizing file paths and URLs before processing. It correctly identifies the attack surface and guides the developer toward a secure implementation. Note that schema validation and path/URL sanitization constrain what a tool will act on; they do not by themselves neutralize instructions embedded in content the tool returns to the model, so tool output should still be treated as untrusted data.
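The audit notes that the skill sanitizes file paths and URLs before a tool acts on them. The following is an added example, not code from the skill or the MCP SDK, showing what such sanitization looks like for an MCP tool handler. It uses only Node built-ins so it runs without dependencies: the Zod parse step the skill mandates is replaced by a hand-written shape check (`parseReadFileArgs`), and the sandbox root `/srv/mcp-sandbox` is an assumed value.

```typescript
// Added example: sanitize model-supplied file paths and URLs before an MCP tool
// uses them. Only Node built-ins are imported; the MCP SDK and Zod are not, so
// the block runs stand-alone. In a real server these checks would run inside the
// tool handler right after the Zod schema has parsed the arguments.
import * as path from "node:path";
import * as net from "node:net";

// Assumed sandbox root the tool may read from (hypothetical value).
export const SANDBOX_ROOT = path.resolve("/srv/mcp-sandbox");

export class InputRejected extends Error {}

// Resolve a relative path against the sandbox root and require that the result
// stays inside it. Rejects null bytes, absolute paths and any "../" sequence
// that escapes the root after normalisation.
export function sanitizeFilePath(userPath: string, root: string = SANDBOX_ROOT): string {
  if (userPath.includes("\0")) throw new InputRejected("null byte in path");
  if (path.isAbsolute(userPath)) throw new InputRejected("absolute paths not allowed");
  const resolved = path.resolve(root, userPath);
  // path.relative() yields "" for the root itself and "../x" when it escapes.
  const rel = path.relative(root, resolved);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new InputRejected("path escapes sandbox root");
  }
  return resolved;
}

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Loopback, link-local (incl. cloud metadata 169.254.169.254), RFC 1918 and 0/8.
function isPrivateIPv4(ip: string): boolean {
  const [a, b] = ip.split(".").map(Number);
  return a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168);
}

function isPrivateIPv6(ip: string): boolean {
  const h = ip.toLowerCase();
  return h === "::1" || h === "::" || h.startsWith("fc") || h.startsWith("fd") ||
    h.startsWith("fe80") || h.startsWith("::ffff:");
}

// Accept only absolute http(s) URLs without embedded credentials that do not
// point at a literal private or loopback address. Hostnames that later resolve
// to private addresses (DNS rebinding) are out of scope here and need a check
// at connection time.
export function sanitizeUrl(input: string): string {
  let url: URL;
  try {
    url = new URL(input);
  } catch {
    throw new InputRejected("not an absolute URL");
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) throw new InputRejected(`scheme ${url.protocol} not allowed`);
  if (url.username || url.password) throw new InputRejected("credentials in URL");
  // Node keeps the brackets on IPv6 hostnames; strip them before classifying.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) throw new InputRejected("localhost not allowed");
  const family = net.isIP(host);
  if (family === 4 && isPrivateIPv4(host)) throw new InputRejected("private IPv4 address");
  if (family === 6 && isPrivateIPv6(host)) throw new InputRejected("private IPv6 address");
  url.hash = ""; // fragments are client-side only; drop them
  return url.toString();
}

// Stand-in for the Zod parse step: reject anything that is not { path: string }.
export function parseReadFileArgs(args: unknown): { path: string } {
  if (typeof args !== "object" || args === null) throw new InputRejected("arguments must be an object");
  const p = (args as Record<string, unknown>).path;
  if (typeof p !== "string" || p.length === 0 || p.length > 4096) {
    throw new InputRejected("path must be a non-empty string");
  }
  return { path: sanitizeFilePath(p) };
}
```

In a server built with the SDK, `parseReadFileArgs` would be replaced by the tool's Zod schema, with `sanitizeFilePath` and `sanitizeUrl` invoked from the handler (or from a `.refine()` on the schema) before any file or network access happens.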
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 04:42 PM