create-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's UC connection flow (examples/uc-connection.md) explicitly instructs creating Unity Catalog HTTP connections to external MCP servers and notes the UC connections proxy supports arbitrary sub-paths and all HTTP methods (and mentions providers like GitHub/Google Drive), meaning the agent will call and interpret responses from potentially untrusted third-party endpoints.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill exposes MCP API endpoint patterns that agents call at runtime (e.g., {host}/api/2.0/mcp/functions/{catalog}/{schema}/{function_name} and {host}/api/2.0/mcp/external/{connection_name}), which are used to invoke remote UC functions or proxy external MCP servers that execute remote code and thus are runtime external dependencies that can control execution.