test-mcp-by-cli
Fail
Audited by Snyk on Mar 9, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). This is a direct raw GitHub URL to an install.sh from a third-party account that the skill instructs users to run via curl | bash. Executing an unsigned remote shell script from an unverified repo can run arbitrary or malicious code and lacks integrity and signature checks, so it should be treated as high risk unless you verify the repository and script contents.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs connecting to arbitrary HTTP servers via the "url" server config and running mcp-cli call to ingest and parse raw MCP JSON (references/configuration-and-arguments.md, references/testing-flow.md, references/output-debugging-and-chaining.md), and even suggests fetching a remote install script from raw.githubusercontent.com. As a result, untrusted third-party responses are read and used to drive chaining/conditional commands and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime install commands that fetch a remote installer script and pipe it to bash (curl -fsSL https://raw.githubusercontent.com/philschmid/mcp-cli/main/install.sh | bash). This executes remote code, and the skill relies on it to provide the required mcp-cli dependency.