mcp-create-declarative-agent

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch and import tools from arbitrary MCP servers (see /.vscode/mcp.json "serverUrl": "https://api.service.com/mcp/" and appPackage/ai-plugin.json runtimes.spec.url) and explicitly tells the workflow to "fetch available tools from server" and use those function definitions, meaning untrusted third‑party service responses can directly influence tool selection and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's ai-plugin.json and .vscode/mcp.json reference an MCP runtime URL (https://api.service.com/mcp/) that the agent fetches at runtime to import tool definitions and invoke tool execution endpoints, which directly control agent behavior and execute remote functions.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 05:26 AM