moai-core-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly integrates a Context7Integration and MCP servers (see SKILL.md "Context7 Integration" and the .mcp.json in reference.md / examples.md which list "context7" and "github"), and the code shows it searching and retrieving code examples and documentation from those external/public sources—untrusted, user-generated content that the agent is expected to read and that can influence workflow decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's .mcp.json setup runs npx to fetch and execute remote packages at runtime (e.g., "npx -y @upstash/context7-mcp@latest" and "npx -y @anthropic-ai/mcp-server-github"), which downloads and runs external code as a required dependency for the Context7 MCP integration.