FastMCP Development

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains multiple examples and instructions that hard-code or pass secrets as literal env vars/CLI args (e.g., config JSON with API_KEY, client_secret, BearerAuth(token=...)), which encourages the agent to embed user-provided secrets verbatim in generated code/configs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's Resources and Context workflows show the server reads external data (e.g., dynamic resources like get_weather calling fetch_weather(city), ctx.read_resource usage, and the "create_proxy" example pointing to https://api.example.com/mcp/sse), and the required checklist explicitly instructs adding/verifying resources—meaning untrusted third‑party content can be ingested and passed to the LLM, which could materially influence tool behavior.