mcp-to-skill
Fail
Audited by Snyk on Feb 21, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructions tell the agent to paste the user-provided MCP configuration into a here-doc (cat > /tmp/mcp-config.json << 'EOF' ...) and to generate commands and examples that embed that configuration. MCP configuration routinely carries API keys and other secrets, so following the instruction requires the LLM to output those secrets verbatim. That creates an exfiltration risk: the secrets land in the model's output (and therefore in logs, transcripts and telemetry) and on disk in a shared temp directory.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime executor (scripts/exec-with-env.sh) ends by invoking "npx -y mcp-to-skill@0.2.2", which fetches the mcp-to-skill package from the npm registry and executes it at runtime. The package is therefore a required external execution dependency that is resolved on every run rather than vendored and verified up front, which is a runtime execution risk. The version is pinned, but unless the package ships its own shrinkwrap its transitive dependencies still resolve by semver range at install time, and nothing in the skill checks what actually gets executed.
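As an added example (not part of the Snyk report or of the mcp-to-skill project), the following Python checker turns the two findings above into local rules and runs them over constructed text that mirrors the patterns the report describes. The rule names (CRED_HEREDOC, REMOTE_EXEC), the sample skill text and exec script, and the hardened variant are this example's own; the sample is not the real SKILL.md or scripts/exec-with-env.sh. It also flags download-piped-to-shell commands, which generalises the npx finding beyond what the report covers.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    rule: str     # local rule name for this example, not a Snyk identifier
    line: int     # 1-based line of the triggering statement
    detail: str

# Here-doc writing to a file: captures the target path and the terminator word.
HEREDOC_RE = re.compile(
    r"""^\s*cat\s*>>?\s*(?P<path>\S+)\s*<<-?\s*['"]?(?P<tag>\w+)['"]?\s*$""")
# Field names that usually carry credentials in MCP server configs
# (no word boundaries so GITHUB_TOKEN-style names still match).
SECRET_KEY_RE = re.compile(
    r"(?i)(api[_-]?key|token|secret|password|authorization|bearer)")
# Unattended npx execution: "npx -y <pkg>" or "npx --yes <pkg>".
NPX_RE = re.compile(r"""\bnpx\s+(?:-y|--yes)\s+(?P<pkg>[^\s"']+)""")
# curl/wget piped straight into a shell.
PIPE_SH_RE = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")

# Constructed sample mirroring the instruction the audit describes.
SAMPLE_SKILL_INSTRUCTIONS = """\
Write the user's MCP configuration to a temp file:

cat > /tmp/mcp-config.json << 'EOF'
{
  "mcpServers": {
    "github": { "command": "npx", "env": { "GITHUB_TOKEN": "ghp_example" } }
  }
}
EOF
"""

# Constructed sample mirroring the executor's final line.
SAMPLE_EXEC_SCRIPT = """\
#!/usr/bin/env bash
set -euo pipefail
export MCP_CONFIG=/tmp/mcp-config.json
exec npx -y mcp-to-skill@0.2.2 "$@"
"""

# Hardened variant (hypothetical script name): the agent never sees or emits
# the secret, it only points a vendored tool at a file the user wrote.
HARDENED_INSTRUCTIONS = """\
Ask the user to save their MCP configuration to a file they control and run:
./scripts/run-mcp.sh --config "$MCP_CONFIG_PATH"
(run-mcp.sh executes ./node_modules/.bin/<tool> installed via npm ci --ignore-scripts)
"""

def find_heredoc_secret_sinks(text: str) -> list[Finding]:
    """Flag here-docs whose body the agent must fill with credential fields."""
    lines, findings, i = text.splitlines(), [], 0
    while i < len(lines):
        m = HEREDOC_RE.match(lines[i])
        if not m:
            i += 1
            continue
        tag, start, body = m.group("tag"), i, []
        i += 1
        while i < len(lines) and lines[i].strip() != tag:   # collect the body
            body.append(lines[i])
            i += 1
        hits = sorted({h.group(1).lower()
                       for l in body for h in SECRET_KEY_RE.finditer(l)})
        if hits:
            findings.append(Finding("CRED_HEREDOC", start + 1,
                f"here-doc into {m.group('path')} carries credential fields: "
                + ", ".join(hits)))
        i += 1                                              # skip terminator
    return findings

def find_remote_exec(text: str) -> list[Finding]:
    """Flag commands that fetch and run code from the network at runtime."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = NPX_RE.search(line)
        if m:
            pkg = m.group("pkg")
            pinned = re.search(r".@\d", pkg) is not None   # name@x.y.z
            findings.append(Finding("REMOTE_EXEC", n,
                f"npx -y runs {pkg} straight from the registry"
                + ("" if pinned else " with no version pin")
                + "; transitive deps resolve at run time, nothing is vendored"))
        if PIPE_SH_RE.search(line):
            findings.append(Finding("REMOTE_EXEC", n, "download piped into a shell"))
    return findings

def audit(text: str) -> list[Finding]:
    """Run both rules over a skill file or helper script."""
    return find_heredoc_secret_sinks(text) + find_remote_exec(text)

if __name__ == "__main__":
    for name, text in [("skill", SAMPLE_SKILL_INSTRUCTIONS),
                       ("exec", SAMPLE_EXEC_SCRIPT),
                       ("hardened", HARDENED_INSTRUCTIONS)]:
        for f in audit(text):
            print(f"{name}:{f.line}: {f.rule}: {f.detail}")
```

The rules are deliberately syntactic: the point is that both findings are visible from the skill's text alone, before any agent runs it, so this kind of check belongs in CI for a skill repository rather than in the agent at runtime.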
Audit Metadata