bundle-maker

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs installing and configuring MCP servers that connect to external HTTP APIs and services (e.g., Figma/GitHub) — see references/mcp-integration-guide.md, examples/complete-bundle/.mcp.json and scripts/add-mcp-to-bundle.sh — so the agent is expected to load and act on untrusted, user/third-party content from those services which could materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill includes MCP server configurations that the runtime will call (e.g., .mcp.json references https://api.figma.com/v1/mcp/ and plugin examples reference https://api.githubcopilot.com/mcp/ and https://mcp.sentry.dev/mcp), which are invoked at runtime to expose tools/resources/prompts (and stdio MCPs can execute local commands), so these external endpoints can directly influence agent behavior and execute code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 05:00 PM