mcp-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask for API keys/tokens and to embed them verbatim into CLI commands, environment-variable flags, and HTTP headers (e.g., -e EXA_API_KEY=, Authorization: Bearer ), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill enables MCPs that ingest public, user-generated content — notably the "Exa Web Search" (open web pages), "GitHub" integration (public repos/issues), and the "Custom" HTTP MCP option that accepts arbitrary URLs — so agents will read and act on untrusted third-party content that could carry indirect prompt injection.