webmcp-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary external URLs (SKILL.md and references/source-modes.md) and the launcher script scripts/ensure-links.sh builds links with --url so the agent will load and inspect third‑party web pages and their runtime tools, allowing untrusted page content to materially influence subsequent tool calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's default launcher invokes a remote npm package via "npx -y @webmcp-bridge/local-mcp" which will fetch and execute remote code at runtime and is relied on as the required local-mcp launcher for created links, so this external dependency can execute remote code.