pal-mcp-server-multi-model-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states that clink subagents have "Full CLI capabilities (web search, file access, MCP tools)" and shows workflows (e.g., security audits, consensus/analysis) where subagents can fetch and use web/search results, meaning the agent can ingest untrusted public web content that may influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation/configuration fetches and executes the repository at https://github.com/BeehiveInnovations/pal-mcp-server.git (via git clone and uvx --from git+https://...), which will run remote code that directly implements and controls the agent orchestration and prompts, and is presented as a required runtime dependency.