AgentSkillsCN

mcp-vulnerabilities

OWASP MCP 十大漏洞知识库,用于识别、评估并修复模型上下文协议环境中的安全风险。

SKILL.md
--- frontmatter
name: mcp-vulnerabilities
description: OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments.
license: MIT
metadata:
  authors: "OWASP MCP Top 10 Project"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-13"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://owasp.org/www-project-mcp-top-10/"

MCP Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the MCP Vulnerabilities skill.

The skill encodes the OWASP MCP Top 10 (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate MCP security risks.

Normative references (MCP Top 10)

  1. 00 Vulnerability Index
  2. 01 Token Mismanagement and Secret Exposure
  3. 02 Privilege Escalation via Scope Creep
  4. 03 Tool Poisoning
  5. 04 Software Supply Chain Attacks and Dependency Tampering
  6. 05 Command Injection and Execution
  7. 06 Prompt Injection via Contextual Payloads
  8. 07 Insufficient Authentication and Authorization
  9. 08 Lack of Audit and Telemetry
  10. 09 Shadow MCP Servers
  11. 10 Context Injection and Over-Sharing

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the MCP Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, severities, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP MCP numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and severity definitions.
      • constants-mcp-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md