peek

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow calls the peek MCP tools (list_repos, ask_repo) to fetch and synthesize repository content from the indexed repo; that content is authored by third parties (outsider codebase contributors) and is ingested as readable text into the agent’s LLM context via the MCP tool responses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires calling the external MCP endpoint https://codepeekr.dev/api/mcp at runtime (via list_repos/ask_repo) to fetch synthesized answers that directly determine the agent's responses, so the remote content can control prompts.