spoon-agent-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes an MCP web-search tool in scripts/mcp_agent.py (the tavily-search MCPTool with mcp_config using "npx tavily-mcp" and other URL-based MCP configs) and the example agent.run calls ("Find the latest news...") show the agent will fetch and interpret open web content, meaning untrusted third-party content can be ingested and influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The mcp_agent.py example runs an NPX-based MCPTool via the command "npx -y tavily-mcp", which at runtime fetches and executes remote package code (from the npm registry, e.g. registry.npmjs.org/tavily-mcp), so this is a runtime external dependency that executes remote code.