board-webmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires network access to the public shared board at https://board.holon.run (see SKILL.md "Default Target") and instructs the agent to read board state via commands like board-webmcp-cli nodes.list, edges.list, and diagram.export format=json, which ingest untrusted, user-editable board content that can materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime helper (skills/board-webmcp/scripts/ensure-links.sh) invokes "npx -y @webmcp-bridge/local-mcp" which fetches and executes remote code from the npm registry at runtime and is required for the skill to operate, so this external package fetch is a risky runtime dependency.