using-mcp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and command patterns that pass secrets inline (e.g., --env API_KEY=your_key and tool_params in run_skills_snippet), which requires the agent to embed secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow mandates running scripts that call mcp.get_tools() and mcp.get_tool_schema() (see SKILL.md Step 1/Step 2 and scripts/get_tools.py and scripts/get_tool_schema.py), and the add_server.py explicitly allows registering arbitrary http URLs as MCP servers, meaning the agent will fetch and interpret untrusted third-party tool lists and JSON schemas which directly determine subsequent tool calls.