google-surf-mcp-search

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The majority of links (Nature, arXiv, example placeholders) are benign content sources, but the skill includes running/Installing code via npx and a GitHub repo (unvetted author/package), which is a common vector for malware and elevates the overall risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md documents tools like search, extract, and search_extract that perform Google searches and fetch/extract text from arbitrary public URLs and PDFs (e.g., arXiv, Nature), so the agent will ingest untrusted third‑party web content that could contain actionable instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's extract/search_extract tools fetch arbitrary external URLs at runtime (e.g., https://arxiv.org/pdf/2301.12345.pdf) and return the fetched document text into the agent context, which can directly control prompts/instructions provided to the model.