gh-grep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the embedded grep.app server (https://mcp.grep.app/ in scripts/grep.ts) to search and return code/examples from millions of public GitHub repositories—untrusted, user-generated third‑party content that the agent reads and prints as part of its workflow, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill creates a runtime server proxy to https://mcp.grep.app/ and invokes proxy.searchGitHub at runtime, meaning it relies on that external HTTP MCP server (https://mcp.grep.app/) which executes remote code to fulfill calls.