install-mcp-servers

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The NPX example explicitly shows passing an API key as a command-line argument (--api-key YOUR_API_KEY), which would require inserting a secret verbatim into generated commands and is an insecure exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill registers external MCP endpoints (notably Apify at https://mcp.apify.com/ with tools like rag-web-browser / search-actors that scrape arbitrary websites) which will ingest and present open/public, user-generated web content for the agent to read and act on, creating a clear indirect prompt-injection surface.