mcp-troubleshooting
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's installation and runtime workflows explicitly fetch and run public third-party content (e.g., curl https://raw.githubusercontent.com/j0kz/mcp-agents/main/install-all.sh, npx commands that pull packages from the npm registry, and links to GitHub Issues), which the agent/user is expected to install/use as part of the MCP workflow and could therefore introduce untrusted instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains runtime commands that fetch and execute remote code — e.g. curl -fsSL https://raw.githubusercontent.com/j0kz/mcp-agents/main/install-all.sh | bash and the PowerShell irm https://raw.githubusercontent.com/j0kz/mcp-agents/main/install-all.ps1 | iex as well as repeated npx @j0kz/... invocations (which pull and run packages from the npm registry) — so external content is fetched and executed at runtime and is required for the skill.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs using sudo to change ownership of system directories (e.g. sudo chown -R $(whoami) /usr/local/lib/node_modules) and other commands that modify system-level files, which require elevation and can alter the machine's state.