mcp2cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to connect to user-specified external MCP/OpenAPI/GraphQL endpoints (e.g., "uvx mcp2cli --mcp https://target.example.com/sse --list" and "--spec https://api.example.com/spec.json") and to inspect and test returned commands/responses as part of generating a skill, which means the agent will fetch and interpret untrusted third‑party API specs/responses that could contain instructions influencing subsequent actions.