MCP Integration
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly configures and connects to external MCP servers (SSE/HTTP/WS and stdio) such as Asana, GitHub, or custom hosted URLs (see "MCP Server Types", examples/sse-server.json and examples/http-server.json in SKILL.md). Its agents and commands are expected to call those third-party tools, read their responses, and act on them (see "Using MCP Tools in Commands and Agents" and agent workflows), so untrusted, user-generated content from arbitrary external services can influence tool use and agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime MCP server endpoints that the agent connects to (e.g., SSE/HTTP/WebSocket URLs such as https://mcp.asana.com/sse and https://api.example.com/mcp) and an example that runs remote code via npx (npx -y @modelcontextprotocol/server-filesystem). These are fetched or connected to at runtime and either provide tool schemas and responses or execute code, which directly controls agent behavior.
Audit Metadata