tool-scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs web searches and GitHub queries and reads third‑party content (e.g., web search results, GitHub repos and READMEs, awesome‑lists, and MCP catalogs like smithery.ai) as described in SKILL.md/README and uses that content to drive recommendations and deep‑dive actions, so untrusted, user‑generated pages can directly influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime web/GitHub/MCP queries and “reads the README (first 200 lines)” from found awesome/GitHub repos and queries MCP catalogs (e.g. https://github.com and https://smithery.ai), which means external content fetched at runtime is injected into the agent context and can directly control prompts/results.