github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the GitHub MCP server (scripts/github.ts) to fetch and search public repository data and user-generated content—e.g., get-file-contents, search-code, get-pull-request-comments, search-issues—which pulls arbitrary third-party GitHub pages/comments/code that the agent is expected to read and interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill starts an embedded server at runtime using "npx -y @modelcontextprotocol/server-github", which causes npx to fetch and execute remote code from the npm registry (e.g. https://registry.npmjs.org/@modelcontextprotocol%2Fserver-github) and is a required runtime dependency that can execute remote code.