ln-012-mcp-configurator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs the agent to prompt the user for an API key for the "Ref" server and use it during registration/config (implying the key will be handled and embedded in commands or config), which requires the LLM to handle secret values and risks verbatim exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets third-party content — e.g., calling public MCP HTTP endpoints (https://mcp.context7.com/mcp, https://api.ref.tools/mcp), querying the public npm registry via npm view @levnikolaevich/... version, and reusing install_graph_providers's instructions_for_agent output from the hex-graph-mcp tool — and uses those results to decide installs, registrations, and remediation actions, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs remote installers at runtime (e.g., "npx -y @levnikolaevich/hex-line-mcp" and runtime installs from GitHub such as "npm install -g github:levnikolaevich/scip-python#fix/windows-path-sep-regex" / https://github.com/levnikolaevich/scip-php), which fetch and execute external code and the hex-line package is required and controls hooks/output-style that can directly affect agent prompts and behavior.