mcp2cli-api-to-cli
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and ingests remote, arbitrary third-party API descriptions and endpoints (e.g., --spec https://api.example.com/openapi.json, --graphql https://api.example.com/graphql, and --mcp https://mcp.example.com/sse) as part of its runtime command-generation, so untrusted external content can influence tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). This skill explicitly fetches remote OpenAPI/GraphQL/MCP endpoints at runtime (e.g., https://api.example.com/openapi.json and https://mcp.example.com/sse, and even runtime npx commands like npx @modelcontextprotocol/server-filesystem) to dynamically generate CLI tools, meaning external specs/servers can directly control the agent's generated instructions or cause remote code to be executed.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata