mcp-cli-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows mcp-cli configured to call public MCP servers (e.g., the "github" server and "deepwiki" URL) and includes agent workflows and a script example that fetch and read user-generated content like repository README/get_file_contents via mcp-cli call, meaning untrusted third‑party content is ingested and can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly supports configuring MCP servers via runtime URLs (e.g., "url": "https://mcp.deepwiki.com/mcp") which mcp-cli will call to fetch tool schemas and tool responses that directly govern agent prompts/actions, so this external URL is a runtime dependency that can control agent behavior.