Skills
skills/frankxai/frankx.ai-vercel-website/MCP Architecture Expert/Snyk

MCP Architecture Expert

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes and examples MCP servers that expose and read from public, user-generated sources (e.g., "Common MCP Servers" listing GitHub, Slack, Google Drive, and "Puppeteer
  • Web scraping", plus resource examples like "github://issues" and file/db URIs) which the agent is expected to read/interpret and could materially influence tool invocation and actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote packages (e.g., "npx @modelcontextprotocol/server-github", "pip install mcp-server-slack", and "docker run mcp-postgres-server"), which will run external code that can provide MCP prompts/tools to the agent and therefore directly influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 02:36 AM