configure-canvas-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (Step 3) asks the user to paste a Power Apps studio URL (a public/third‑party URL) whose path and query values are parsed and used as ENV_ID/APP_ID to drive registration in Step 4, and Step 4 also invokes a public package source (https://api.nuget.org/v3/index.json), so untrusted external content can materially influence the tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs running commands that fetch and install the MCP server package from the NuGet index (https://api.nuget.org/v3/index.json), which will download remote code at runtime and is required to run/execute the MCP server (e.g., via claude mcp add ... -- dnx ... --source https://api.nuget.org/v3/index.json), so this external URL directly results in executing remote code.