awesome-mcp-servers-discovery
Fail
Audited by Snyk on May 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed credentials verbatim (connection strings with passwords, a .env showing ghp_/sk_-style tokens, and commands like echo $GITHUB_TOKEN), which encourages exposing secrets directly rather than keeping them only in environment variables or secure tools.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and inspecting public, user-generated sources—e.g., "git clone https://github.com/YuzeHao2023/Awesome-MCP-Servers", "Browse https://github.com/...", "Check Issues and Discussions tabs on GitHub", and use of mcp-cli inspect and AgentQL/fetch servers—so the agent is expected to read and act on untrusted third-party content that could influence tool use and decisions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes instructions that change system ownership/permissions (chown root:mcp, chmod 500), write logs to /var/log, and recommend global installs (npm install -g) and configuration of system-level services—actions that modify machine state and often require sudo/elevated privileges.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata