clix-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to treat results from the Clix MCP Server (e.g., clix-mcp-server:search_sdk and clix-mcp-server:search_docs) and public docs/repos (https://docs.clix.so, GitHub links) as the single source of truth, which means the agent will fetch and read open/public third-party content as part of its workflow and could therefore be exposed to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running the Clix MCP server via npx (e.g. "npx -y @clix-so/clix-mcp-server@latest" / the package @clix-so/clix-mcp-server on the npm registry https://www.npmjs.com/package/@clix-so/clix-mcp-server), which is executed at runtime and its clix-mcp-server:search_sdk results are explicitly used as the single source of truth to fetch code/instructions that directly control agent behavior—constituting a runtime remote-code / prompt-control dependency.