mcporter-mcp-first

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains explicit instructions in SKILL.md to "rerun the exact mcporter command with escalation" if a permission error (EPERM) is encountered. This encourages the agent to use privilege escalation mechanisms (like sudo) to bypass system security controls.
  • [COMMAND_EXECUTION]: A specific hardcoded file path is provided for the mcporter executable: /Users/tao.exe/.nvm/versions/node/v22.22.2/bin/mcporter. Executing binaries from hardcoded user-specific paths is a security risk as it assumes the environment and the integrity of the binary at that location.
  • [DATA_EXFILTRATION]: The skill references specific internal organizational identifiers such as bank-x and mobile-app-workspace. While not credentials, these details reveal internal infrastructure naming conventions that could be used in targeted attacks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Data enters the agent context via mcporter tool outputs and CLI responses.
      • Boundary markers: The instructions lack delimiters or warnings to ignore embedded instructions in the processed data.
      • Capability inventory: The skill has significant capabilities, including calling arbitrary tools via mcporter_call_tool and executing local CLI commands.
      • Sanitization: There is no mention of escaping, validation, or filtering of content received from external MCP servers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 11, 2026, 03:15 PM