ask-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md Execution Steps explicitly instruct the agent to call mcp__deepwiki__read_wiki_contents and mcp__deepwiki__ask_question on public repositories (e.g., "Lightprotocol/light-protocol"), which makes the agent fetch and interpret user-generated third-party wiki/repository content that can influence its answers and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes DeepWiki MCP at runtime to fetch repository content (e.g., mcp__deepwiki__read_wiki_contents("Lightprotocol/light-protocol") and similar calls for "blueshift-gg/blueshift-dashboard", "anthropics/claude-code", "anthropics/skills"), which would be injected into the agent context and directly control the agent's outputs, so these external repo fetches are runtime dependencies that influence prompts.