mcp-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs embedding secrets as literal command-line/env arguments (e.g., --env REDASH_API_KEY=abc123, GITHUB_TOKEN=ghp_xxx), which forces the agent to handle and potentially output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill lets the agent call arbitrary HTTP MCP servers (see --add-http, HttpSession/http_call_tool in cli.py/scripts/mcp_call.py and the README/SKILL.md multi-tool workflow examples) and directly reads/parses those servers' responses (tools/call, tools/list) which are then used by agent-generated scripts, so untrusted public third-party content can be ingested and influence subsequent actions.