mcp-client
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's CLI and scripts (scripts/mcp_client.py) explicitly connect to arbitrary remote MCP servers via URLs (e.g., Zapier, Brave Search, Puppeteer, SSE/streamable_http transports), then call session.list_tools()/session.call_tool and read the returned result.content, meaning the skill ingests and interprets untrusted third-party/web content provided by those external servers.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill opens runtime connections to configured MCP endpoints (e.g., the Zapier FastMCP/SSE endpoints like https://mcp.zapier.com/api/v1/connect and https://actions.zapier.com/mcp/YOUR_KEY/sse) to fetch tool schemas and invoke remote tools, which can directly execute remote actions or supply instructions that control the agent.
Audit Metadata