dsql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to public third‑party content via its MCP documentation tools (dsql_search_documentation, dsql_read_documentation, and dsql_recommend described in mcp-tools.md and SKILL.md) which fetch and return arbitrary documentation URLs/snippets that the agent is expected to read and can materially influence follow-up actions (e.g., migration/transact decisions).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill config invokes the external MCP package "awslabs.aurora-dsql-mcp-server@latest" (see related repo https://github.com/awslabs/mcp/tree/main/src/aurora-dsql-mcp-server), which the MCP/uvx runtime will fetch and execute at runtime and is required for the skill's tools, so this is a runtime dependency that can execute remote code.