agent-tool-routing
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill ingests tool metadata from MCP server discovery (
await c.list_tools()), wheret.descriptionis LLM-facing free text authored by an external MCP server (outsider) and is then embedded/placed into the LLM tool list context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's runtime discovery code calls Client("http://billing-mcp:8080") to fetch tool descriptions that are injected into the registry and presented to the LLM, so content from http://billing-mcp:8080 directly controls agent prompts/tool selection.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata