mcp-light-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly loads and proxies external MCP servers (Step 2's ToolSearch and the proxy_client = ProxyClient("npx @...") pattern described in references/fastmcp-proxy-pattern.md), reading tool descriptions/prompts from third-party MCP packages which the agent analyzes and uses to build light descriptions and best-practice skills, so untrusted external content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses ProxyClient("npx @notionhq/notion-mcp-server") (and the analogous "npx @original/mcp-server") at runtime, which will fetch and execute an external npm package via npx and proxy the original MCP server's tool prompts/instructions into the agent, so remote code and prompts directly control the agent.