repo-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md explicitly instructs using Gitee MCP tools (get_file_content, search_files_by_content) to fetch and read repository files like README.md, code, and CONTRIBUTING.md from Gitee repositories (public, user-generated content), which the agent ingests and uses to drive analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses the Gitee MCP Server at runtime (get_file_content / search_files_by_content) to fetch repository files which are injected into the agent’s context and thus can directly control prompts; flagged dependency: Gitee MCP Server (get_file_content, search_files_by_content).