connect-to-nango-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs passing the NANGO_SECRET_KEY as a command-line argument (node scripts/check-auth.js <secret_key>) and to provision an Authorization: Bearer <NANGO_SECRET_KEY> header, which requires the agent to include the secret verbatim in generated commands/headers (even though some parts mention env vars, the CLI/header patterns force direct secret embedding).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill connects to the Nango MCP server (https://api.nango.dev/mcp) and invokes provider tools (e.g., HubSpot list_contacts, whoami, Salesforce query) that fetch and return third‑party/user‑generated data which the agent is explicitly instructed to read and display as part of its workflow, exposing it to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill at runtime connects to the Nango MCP endpoint (https://api.nango.dev/mcp), which returns available tools and streams tool-call results that the agent uses to perform/execute remote operations and thus directly controls agent actions, and the skill explicitly depends on that external server.