mcp-builder

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content is not overtly a backdoor but includes multiple high-risk patterns (model-controlled tool invocation with no enforced human approval, an "execute_command" tool example, mechanisms to elicit and pass secrets, and an evaluation harness that instructs the model to disclose tool inputs/outputs and then automatically executes requested tools) which together create a realistic avenue for credential exfiltration and remote code execution if misused or paired with a malicious MCP implementation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use WebFetch and web search to load external public URLs (e.g., Phase 1.3/1.4: https://modelcontextprotocol.io/llms-full.txt and raw.githubusercontent.com README links) and to read “ALL available API documentation,” which requires ingesting untrusted third-party web content that can materially influence tool design and subsequent agent actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 9, 2026, 10:10 PM