mcp-integration-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documents MCP tools that fetch and return content from arbitrary public sources—notably the fetchAPI tool (Example 5) which accepts arbitrary HTTPS URLs, Playwright/Puppeteer server tools for browsing/scraping, and Context7/GitHub documentation discovery—and the examples show LLM integrations that ingest those tool results into the chat history, exposing the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly lists Stripe as an MCP server for "payment processing" (under "Popular MCP Servers") and includes Stripe in "Enterprise Integrations". The documentation shows how MCP tools are defined and invoked (mcp.tool, callTool / call_tool), which means an MCP server like a Stripe MCP could be used to execute payment actions. Because a specific payment gateway (Stripe) is named and MCP tooling patterns for invoking tools are described, this constitutes explicit financial execution capability.