mcp-csharp-publish

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes command examples that embed secrets verbatim (e.g., --api-key YOUR_NUGET_API_KEY, --secrets api-key=my-actual-api-key, docker -e API_KEY=test-key), which would encourage an agent to output actual secret values in commands or configs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required publish workflow instructs contacting and interacting with public registries and third-party releases (e.g., Step 4 "Publish to MCP Registry" including curl to https://registry.modelcontextprotocol.io and installing mcp-publisher from GitHub/releases as shown in references/mcp-registry.md), which clearly involves ingesting untrusted, user-controlled web content that can influence publishing decisions and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's CI example explicitly curls and saves a binary from https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher-linux-amd64 and then runs it (./mcp-publisher), which is a runtime fetch that executes remote code and is presented as a required step for publishing to the MCP Registry.