test-mcp-server

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly asks the user for LLM API keys and may save/use them to run tests (and could require embedding them in API calls or CLI commands), so the LLM will handle secret values in its context and risks echoing them verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks for an arbitrary MCP server URL and then proxies JSON-RPC calls (e.g., tools/list, resources/read, prompts/get via /inspector/api/proxy and runs LLM-driven tests via /inspector/api/chat[ /stream]) against that third-party server, causing the agent to read and act on untrusted, possibly user-generated content from external MCP servers (see references/inspector-api.md and references/llm-test-guide.md).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill starts the inspector at runtime with "npx @mcp-use/inspector" which downloads and executes remote code from the npm registry (e.g. https://registry.npmjs.org/@mcp-use/inspector) and is required for the tests, so it can directly control runtime behavior.