Skills
skills/anthropics/claude-plugins-official/mcp-integration/Snyk

mcp-integration

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill enables the agent to connect to external MCP servers over SSE/HTTP/WebSocket (e.g., "https://mcp.asana.com/sse", "https://api.example.com/mcp" and other custom URLs shown in the .mcp.json/examples) and to discover and read tool responses via /mcp, so it clearly ingests untrusted third‑party (including user/content from external services) data that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill configures runtime MCP endpoints (e.g., the SSE URL https://mcp.asana.com/sse) which Claude Code will connect to at runtime to discover tools and invoke remote tool operations — meaning external server responses can directly drive agent behavior and execute remote code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 08:14 PM