The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/audit-server-readiness.sh uses eval on strings generated by a Node.js process that parses the local package.json. Since the values from package.json are not sanitized before being printed and evaluated, a malicious package.json could execute arbitrary shell commands.
Evidence: `eval "$(node
"$pkg" <<'NODE' ... NODE)"inscripts/audit-server-readiness.sh`.
[REMOTE_CODE_EXECUTION]: The skill includes instructions to download and execute scripts directly in the shell using a pipe-to-bash pattern from an external domain.
Evidence: curl -fsSL https://url.mcp-use.com/supabase | bash in references/25-deploy/platforms/02-supabase.md.
[CREDENTIALS_UNSAFE]: Multiple files contain example API keys and hardcoded secret patterns used for educational purposes or as placeholders.
Evidence: Hardcoded 'sk-live-' and 'pk-lf-' patterns in references/18-mcp-apps/widget-anti-patterns/01-secrets-in-widget-state.md and references/23-debug/02-observability-langfuse.md.
[EXTERNAL_DOWNLOADS]: The skill references several external domains for assets, documentation, and APIs, including one placeholder domain flagged by security scanners.
Evidence: https://langfuse.your-domain.com in references/23-debug/02-observability-langfuse.md.
[PROMPT_INJECTION]: The skill documents the creation of MCP tools that ingest untrusted data (arguments, webhooks) which are then processed by an LLM. While it advocates for validation, the examples lack explicit boundary markers to prevent indirect prompt injection during runtime processing.
Ingestion points: src/server.ts (tool arguments), /webhooks/:source in references/30-workflows/09-webhook-handler-with-notifications.md.
Capabilities: Subprocess execution via server.proxy, network operations via fetch, and database queries.

build-mcp-use-server