capacitor-mcp

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs adding a GITHUB_TOKEN value (showing a ghp_ token placeholder) directly into MCP configuration JSON, which requires embedding secret tokens verbatim in config/commands and creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill runs the awesome-ionic-mcp server which fetches and scrapes documentation and plugin data from public third‑party sites (e.g., ionicframework.com, capacitorjs.com, capawesome.io, capgo.app) and public GitHub repositories (via the GitHub API and Puppeteer) and returns that content for the agent to read and act on, exposing it to untrusted user-generated/open-web content.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:53 PM