add-mcp-server

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly includes fields like bearerToken and HTTP Authorization: "Bearer token" and instructs the agent to gather and write those config values, which would require the LLM to receive and emit secret values verbatim into JSON/configs or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly allows adding an HTTP MCP server URL (SKILL.md Step 2) and instructs the agent to connect and list available tools from that server (Step 5), meaning the agent will fetch and interpret content from arbitrary remote servers which could supply untrusted/user-generated instructions influencing its actions.