day2-mcp-and-context-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly downloads and parses third-party content (e.g., scripts/mcp_servers.py downloads the MCP servers README from raw.githubusercontent.com) and instructs the agent to connect to and read user-generated/untrusted sources (Slack, Notion, Gmail/Google Calendar, arbitrary web pages via Fetch and plugin installs) as part of its required workflow, so external content can influence tool calls and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running "npx skills add ai-native-camp/camp-2" at startup, which fetches and executes remote package code (installing SKILL.md content that controls agent prompts/instructions) and is required before proceeding, so this runtime dependency poses a high-risk vector.