mcp-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed credentials directly in CLI arguments and auth headers (e.g., "Bearer your-token-here", "--auth-user "username:password"", and exporting/using personal access tokens), which would require the LLM to output secret values verbatim if followed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly connects to arbitrary external MCP servers and fetches resources and prompts (e.g., "mcp tools https://example.com/mcp", "mcp read-resource ", and examples for GitHub/Brave Search/Puppeteer), so the agent can ingest untrusted public web or user-generated content that could deliver indirect prompt injection.