mcp-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses GitHub search and file-fetch tools (mcp__github__search_repositories and mcp__github__get_file_contents) to read project READMEs/docs from public GitHub repositories and extract npx installation/configuration commands, so untrusted third‑party content can directly influence configuration and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill fetches repository files at runtime via the GitHub file API (e.g., https://raw.githubusercontent.com////README.md) using mcp__github__get_file_contents and uses those fetched docs to extract npx install commands that directly determine configured commands (and thus can lead to execution of remote packages), so the external GitHub raw file URLs are a runtime-controlled dependency.