agentic-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports calling MCP servers such as a Playwright browser with arbitrary URLs (see README.md and SKILL.md examples like "agentic-mcp call playwright browser_navigate --params '{"url":"https://example.com\"}'" and the implementation in cli/commands/call.ts), and the CLI/formatter (cli/formatter.ts) consumes and presents the returned tool output — meaning untrusted public web content can be ingested and materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime server config instructs running npx with packages such as "@playwright/mcp@latest" (which causes npx to fetch and execute code from the npm registry, e.g. https://registry.npmjs.org), so remote content is fetched and executed at runtime and is required for operation.