Install and use the Agent Ready MCP server to scan any URL for AI agent-readability via MCP tool calls. Activates for "install agent-ready mcp", "set up agent-ready in Claude Desktop / Cursor / Cline / Goose / Continue", "add agent-ready as an MCP tool", "scan this site via agent-ready", "run scan_site / get_scan / ask via MCP". Pick this skill when the user wants tool-native access to Agent Ready — no curl, no fetch wiring. For direct REST access without MCP, use the `agent-ready-api` skill instead.
72
90%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.85). The required runtime workflow uses the MCP tools `scan_site`/`get_scan`, whose tool results include “scraped text from the target site (titles, headings, `llms.txt` / `AGENTS.md` bodies, check messages)”; that is outsider-authored free text from an arbitrary user-supplied URL that the agent will ingest into LLM context for summarization.
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Potentially malicious external URL detected (high risk: 0.90). The skill instructs clients to run "npx -y agent-ready-mcp@latest" (which fetches and executes remote code from the npm package at https://www.npmjs.com/package/agent-ready-mcp) and/or to point the MCP transport at the hosted endpoint https://agent-ready.dev/api/v1/mcp (and its server card https://agent-ready.dev/.well-known/mcp/server-card.json), both of which are runtime external dependencies that either execute fetched code or supply tool/prompt definitions that control the agent.