integrate-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for environment variable/API secret values and instructs the agent to collect them and write them into .env files and example commands (including curl Authorization headers), which requires the LLM to receive and output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 1 ("Fetch the MCP Source") explicitly web_fetches public GitHub repos, Smithery.ai pages, npm pages, and arbitrary URLs and then parses that untrusted, user-generated content to determine capabilities, env vars, installation steps and drive install/configuration/testing actions, so third‑party page content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the skill calls web_fetch on user-supplied MCP URLs (e.g., https://smithery.ai/servers and GitHub repo URLs like https://github.com/...) to load README/docs and then injects that fetched content into the agent's analysis to generate setup and configuration instructions, so remote content can directly control prompts.