MCP Vulnerabilities — Skill Entry
This SKILL.md is the entrypoint for the MCP Vulnerabilities skill.
The skill encodes the OWASP MCP Top 10 (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate MCP security risks.
Normative references (MCP Top 10)
- 00 Vulnerability Index
- 01 Token Mismanagement and Secret Exposure
- 02 Privilege Escalation via Scope Creep
- 03 Tool Poisoning
- 04 Software Supply Chain Attacks and Dependency Tampering
- 05 Command Injection and Execution
- 06 Prompt Injection via Contextual Payloads
- 07 Insufficient Authentication and Authorization
- 08 Lack of Audit and Telemetry
- 09 Shadow MCP Servers
- 10 Context Injection and Over-Sharing
Skill layout
- SKILL.md — this file (skill entrypoint).
- references/ — the MCP Top 10 normative documents.
  - 00-vulnerability-index.md — master index of all vulnerability identifiers, severities, and cross-references.
  - 01 through 10 — one document per vulnerability aligned with OWASP MCP numbering.
- assets/ — reusable format and constants blocks.
  - constants/ — vulnerability catalog and severity definitions.
    - constants-mcp-catalog-v1.0.0.md
  - formats/ — output contract examples.
    - format-vulnerability-assessment-v1.0.0.md
    - format-remediation-checklist-v1.0.0.md