mcp-connector-generator

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt explicitly says to "Pass API keys in headers" and mentions injecting secrets into the environment—while environment injection can be safe, the direct instruction to place API keys in request headers implies the agent may need to emit secret values verbatim in generated requests/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly provisions connectors to public/untrusted sources (e.g., "Connect my agent to Reddit via MCP" in SKILL.md), and scripts/mcp_connectors.py exposes runtime connections to arbitrary HTTP URLs via get_http_mcp_toolset and to local MCP servers such as "reddit-mcp" via get_stdio_mcp_toolset, meaning the agent will ingest and act on third-party content that could include injected instructions.


Audit Metadata

Risk Level: HIGH
Analyzed: Mar 11, 2026, 11:49 AM
Issues: 2