desktop-commander-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's read_file entry explicitly supports isUrl: true and reading webpages/images/PDFs from arbitrary URLs, so the agent can fetch and interpret public third‑party web content and thus is exposed to indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly enables reading/writing files, running arbitrary shell processes, killing processes, and managing server configuration—and even notes that terminal commands are not sandboxed by allowedDirectories—so it facilitates host state changes and potentially privileged operations.