keyid-agent-kit-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary incoming email content (e.g., via keyid_get_inbox and the "Pattern: Email-Triggered Agent Loop" in SKILL.md) and also accepts external webhook events, meaning untrusted, user-generated messages can be read and used to drive agent actions like replies or tool calls.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs "npx @keyid/agent-kit" at runtime, which fetches and executes remote code from the npm registry (e.g., https://registry.npmjs.org/@keyid/agent-kit or via npx) and is a required dependency for the MCP server, so this external fetch executes remote code during runtime.