powerbi-mcp-server-tester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2–3 in SKILL.md) launches and then navigates to the MCP Inspector URL produced by the background task and programmatically reads/listens to tool names, descriptions, parameters, and execution results from that Inspector web UI (the PowerBI MCP server's pages), which are arbitrary/untrusted third-party content that the agent interprets to decide which tools to run and how to act.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs "npx @modelcontextprotocol/inspector uv run run-server" at runtime, which fetches and immediately executes remote npm package code (a required runtime dependency), so this external artifact executes remote code used by the skill.