mcp-evaluator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill instructs the agent to fetch raw repo files and "include actual code snippets as evidence" and to show tool outputs/raw file contents, which would require reproducing any hardcoded API keys, tokens, or passwords found verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and scraping public GitHub repository pages and raw files and performing web searches of community sources (e.g., Reddit, Twitter/X) via Bright Data MCP or GitHub MCP (see "Repository Content Access" Step 4 and "Community Validation" Step 5.5), and instructs the agent to read and incorporate that untrusted, user-generated content into the assessment and scoring, creating a clear path for indirect prompt injection.