deepcode-cli
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly enables a webSearchTool ("Web Search Integration" / webSearchTool in settings.json) and describes MCP servers, including a browser/puppeteer server, under "MCP Integration". The agent can therefore fetch and ingest arbitrary public web content and third-party sources as part of its workflow, exposing it to untrusted, user-generated content that could contain indirect prompt injections.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's MCP configuration runs npx to fetch and execute remote MCP server packages at runtime (e.g., npx -y @modelcontextprotocol/server-github — https://www.npmjs.com/package/@modelcontextprotocol/server-github, plus related packages like https://www.npmjs.com/package/@modelcontextprotocol/server-filesystem, https://www.npmjs.com/package/@modelcontextprotocol/server-postgres, https://www.npmjs.com/package/@modelcontextprotocol/server-puppeteer, https://www.npmjs.com/package/@modelcontextprotocol/server-slack), which downloads and executes remote code that provides model context/tools and can therefore directly influence prompts and agent behavior.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).