add-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries public sources (the npm registry and known MCP server directories/GitHub) for third-party MCP packages and then inspects/starts discovered MCP servers to read their exposed tool lists and metadata, so untrusted package metadata and server-provided tool descriptions are ingested and can materially influence subsequent tool selection and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly searches the npm registry and generates/uses npx commands to start pre-built MCP packages, which means it can fetch and execute remote code from the npm registry (https://registry.npmjs.org/) at runtime during connectivity testing.