mcp-security-hub

Status: Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs Claude to run scans against arbitrary public targets (e.g., "Scan https://example.com for critical vulnerabilities", "Test https://example.com/page?id=1 for SQL injection", and network recon examples using Nuclei, SQLMap, WhatWeb, etc.), so the agent will fetch and interpret untrusted third-party web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running docker/docker-compose commands that change host state (start containers, create networks), suggests host filesystem mounts (including /var/run/docker.sock), and even recommends chown and editing system config paths—actions that can modify the machine and enable privilege escalation—so it poses a high risk of compromising the host.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 18, 2026, 08:58 PM
Issues: 2