mcp2cli-runtime-api-tooling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly fetches and ingests remote, potentially public specs/endpoints (e.g., --spec https://..., --mcp https://..., --graphql https://...) to introspect OpenAPI/MCP/GraphQL servers and generate CLI tools at runtime, so untrusted third‑party content can be read and directly influence tool generation and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches and uses remote API specs and runs remote packages at runtime—e.g., mcp2cli --spec https://api.example.com/openapi.json (fetched spec directly shapes generated CLI/tool behavior) and npx @modelcontextprotocol/server-github (executes remotely-fetched code)—so external content can control the agent's tools/behavior.