db620d33df
dotnet-build-and-test / dotnet-test-functions (push) Has been cancelled
dotnet-build-and-test / paths-filter (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Debug, windows-latest, net9.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, ubuntu-latest, net10.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, ubuntu-latest, net8.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, windows-latest, net472) (push) Has been cancelled
dotnet-build-and-test / dotnet-test (Release, integration, true, ubuntu-latest, net10.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-test (Release, integration, true, windows-latest, net472) (push) Has been cancelled
dotnet-build-and-test / dotnet-foundry-hosted-it (push) Has been cancelled
dotnet-build-and-test / dotnet-build-and-test-check (push) Has been cancelled
dotnet-build-and-test / Integration Test Report (push) Has been cancelled
CodeQL / Analyze (csharp) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
MCP-Based Agent Skills Sample
This sample demonstrates how to discover Agent Skills served over MCP with a ChatClientAgent.
What it demonstrates
- Hosting a small MCP server (in this same executable, launched with
--server) that exposes skill resources following the SEP-2640 convention. - Connecting an
McpClientto the embedded server via stdio transport. - Building an
AgentSkillsProviderviaUseMcpSkills(client), which readsskill://index.json(SEP-2640 canonical discovery) and constructs skills from the index entries. - The progressive disclosure pattern across MCP: advertise → load → read resources, exactly as for filesystem-backed skills.
Running the Sample
Prerequisites
- .NET 10.0 SDK
- Azure OpenAI endpoint with a deployed model
Setup
$env:AZURE_OPENAI_ENDPOINT="https://your-endpoint.openai.azure.com/"
$env:AZURE_OPENAI_DEPLOYMENT_NAME="gpt-5.4-mini"
Run
dotnet run
Security Considerations
Discovering skills over MCP means an external MCP server controls what skill content (including
instructions and, for archive-type entries, extracted files) reaches the agent. A compromised or
untrustworthy server could return adversarial content designed to manipulate the agent (indirect
prompt injection) or to exfiltrate data through skill instructions/scripts. Only connect UseMcpSkills
to MCP servers you have vetted and trust, and keep the conservative archive size/file-count limits in
AgentMcpSkillsSourceOptions unless you have a specific reason to raise them.