mcporter
Warn
Audited by Snyk on Apr 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly allows connecting to ad-hoc public MCP servers and scraping arbitrary URLs (e.g., "mcporter call https://api.example.com/mcp.fetch url=https://example.com", "mcporter list --http-url ...", and links to registries like mcpfinder.dev/mcp.so"), meaning the agent would ingest and act on untrusted third‑party content that could carry indirect prompt injections.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata