converting-mcps-to-skills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill's examples and troubleshooting explicitly show embedding API keys/tokens directly into command-line arguments and headers (e.g., --header "Authorization: Bearer YOUR_KEY", --env "API_KEY=xxx"), which would require the agent to include secret values verbatim in generated commands and is an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly connects to arbitrary external MCP servers (e.g., scripts/mcp-http.ts accepts any http URL and scripts/mcp-stdio.ts runs arbitrary server commands) and then lists, reads tool schemas and calls tools whose responses the agent uses—meaning untrusted third-party content from public servers can be ingested and can materially influence subsequent actions.