setup-serena-mcp
Warn
Audited by Snyk on Apr 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to load and read public third‑party documentation from raw.githubusercontent.com and oraios.github.io (see Step 3 "Load Serena documentation"), and then requires the agent to base setup, configuration, and runtime actions on that content, so untrusted external pages can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs the agent at runtime to load external Serena documentation (e.g., https://raw.githubusercontent.com/oraios/serena/refs/heads/main/README.md and https://oraios.github.io/serena/02-usage/020_running.html), and the fetched content is then used to generate and drive the setup instructions, so these URLs are runtime external dependencies that directly control agent behavior.
Issues (2)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata