mastra-hono

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly shows consuming external, third-party content—e.g., "Consuming MCP Servers" and "MCP Tools in Workflows" in references/mcp-server-patterns.md (mcpTools({ server: 'http://...'})), RAG patterns that index/query arbitrary documents via mastra.vectors (references/rag-memory-patterns.md), and examples that fetch public APIs (e.g., githubTool)—all of which let untrusted/web-sourced content be read and used by agents to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime MCP client usage that loads tools/prompts from an external MCP server (e.g., http://mcp-server:8080), which fetches remote prompts/tools at runtime that can directly control agent instructions or cause execution, so it is a risky external dependency.