Skills
skills/evolv3ai/claude-skills-archive/MCP OAuth Cloudflare/Snyk

MCP OAuth Cloudflare

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches tokens and user profile data from public Google OAuth endpoints (e.g., https://oauth2.googleapis.com/token and https://www.googleapis.com/oauth2/v2/userinfo) and injects those untrusted user-derived props (email, name, picture, accessToken, etc.) into MCP tool handlers via this.props, so third‑party/user content can materially influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:49 AM