mcp-server-oauth

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for a clientSecret and to include it verbatim in connect_to_mcp_server payloads and example CLI commands (or --client-secret), which requires the LLM to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs OAuth metadata discovery and fetches untrusted public endpoints (e.g., .well-known/oauth-authorization-server and .well-known/openid-configuration and authUrl values returned by connect_to_mcp_server), and the agent is expected to read and act on that externally hosted content as part of its workflow, exposing it to indirect prompt injection risk.