cherry-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and CLI commands that accept and display API keys as literal arguments (e.g., node cli.js set-env ... ghp_xxx and export GITHUB_TOKEN=ghp_xxx), which would require the agent to handle or emit secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bridge exposes and returns outputs from user-configured MCP servers (for example the provided "npx @anthropic/mcp-github" server) via its HTTP API, so the agent will read and act on untrusted, user-generated public content (e.g., GitHub) fetched by those third-party MCP tools.