poke-mcp-tunnel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs registering and connecting to arbitrary external MCP servers (see SKILL.md plus references/mcp-add-remote.md and references/tunnel-local.md), causing the agent to fetch and execute/interpret tools and content served by untrusted third-party URLs which can materially change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the CLI to connect to a user-specified MCP endpoint at runtime (e.g., the example URL "https://example.com/mcp" used with poke mcp add / poke tunnel), and that external MCP server is queried to load "tools"/instructions which directly influence the agent's behavior, so the external URL controls agent prompts/operations.