context-engine
Fail
Audited by Snyk on May 29, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.85). The content exposes several high-risk integration patterns (auto-starting third-party MCP packages via npx, environment-variable injection, writable MCP tool hooks, and plaintext credential profiles) that would allow third-party code to run with access to secrets and user data — enabling data-exfiltration, remote-code-execution/backdoor and supply-chain attacks if abused.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly starts MCP servers at session start by running external packages (e.g., via npx/node as configured in .mcp.json) and even points to remote package sources such as https://github.com/modelcontextprotocol/servers, meaning remote code from npm/GitHub would be fetched and executed at runtime to provide tools/prompts that directly control the agent.
Issues (2)
- CRITICAL E006: Malicious code pattern detected in skill scripts.
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata