dev-swarm-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs adding external MCP servers (e.g., HTTP/SSE URLs and npx-installed MCP servers) — see references/mcp-server-claude.md and other references showing commands like "claude mcp add --transport http " and "npx -y @modelcontextprotocol/server-github" — which lets the agent ingest and use untrusted third-party services whose responses could change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime commands that fetch and execute remote code (e.g., "npx -y @modelcontextprotocol/server-github", "npx -y @upstash/context7-mcp", "pnpm dlx airtable-mcp-server") and configures HTTP MCP endpoints such as https://api.githubcopilot.com/mcp which will supply remote model context/responses that can directly control agent prompts or execute code.