mcp-server-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly includes a "Playwright MCP" (under "Available MCP Servers" and the "Playwright MCP
• Browser Automation" examples) that performs browser navigation and web scraping (e.g., playwright-browser_navigate with external URLs) and also lists a "Brave Search MCP" for web search, meaning the agent fetches and reads untrusted public web content that could influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configuration includes a runtime remote MCP endpoint (https://api.githubcopilot.com/mcp/insiders) that supplies model context/instructions to the agent and a runtime npx invocation that fetches and executes @playwright/mcp@latest (npm), both of which would deliver remote content that can control prompts or execute code.