security-detections-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to git-clone and curl public, user-contributed repositories and feeds (e.g., SigmaHQ, splunk/security_content, elastic/detection-rules, various GitHub KQL/CQL repos and the MITRE enterprise-attack.json in the "Getting Detection Content" section) which are ingested/indexed and used by the MCP tools and autonomous pipelines, so untrusted third-party content can materially influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs remote packages via npx (e.g., "npx -y security-detections-mcp" and "npx -y mcp-remote") and/or connects at runtime to the hosted MCP endpoint https://detect.michaelhaag.org/api/mcp/mcp, so external code and remote model-context/prompts from that URL are fetched/executed at runtime and can directly control agent behavior.