apollo-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (SKILL.md and references/tools.md) shows the MCP server can fetch schema and operations from external GraphQL endpoints, GraphOS uplink/collections, and manifests (e.g., endpoint, graphos, operations: source: collection/manifest), and the agent is expected to read introspection/search/execute outputs and operation comments (which become tool descriptions), so untrusted third-party content can directly influence tool choice and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Quick Start includes commands that download and execute remote installer scripts (curl -sSL https://mcp.apollo.dev/download/nix/latest | sh and iwr 'https://mcp.apollo.dev/download/win/latest' | iex), which fetch and run remote code as a required installation step for the skill.