mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports connecting to external MCP servers (e.g., "brave-search" and "puppeteer" listed in SKILL.md) and its API/CLI (index.ts and the TypeScript examples like listPrompts/getPrompt and callTool/readResource) fetches and returns arbitrary third-party/web content which the agent reads and could materially influence subsequent tool calls or behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime configuration and examples launch npx to install and run remote packages such as "@modelcontextprotocol/server-filesystem" (e.g., npx -y @modelcontextprotocol/server-filesystem) and related @modelcontextprotocol servers, which fetch and execute remote code at runtime and can provide prompts/resources back to the agent, so this is a required external dependency that can execute code and influence agent instructions.