mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes an explicit "Web Scraper Server" example (scraper-server/src/index.ts) that calls axios.get(url) and returns scraped page text for arbitrary URLs, which clearly ingests untrusted public web content that the agent will read and use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's scraper tool calls axios.get(url) at runtime using arbitrary user-supplied HTTP(S) URLs (i.e., any external URL passed to axios.get), fetching remote content that is returned to the LLM and therefore can directly control prompts/instructions — flagged: user-provided HTTP(S) URL fetched via axios.get(url).