search-web

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly performs open web searches via Exa and conditionally reads webpage bodies and GitHub content (SKILL.md steps 4–6, README.md and examples/usage.md show mcp__exa__web_search_exa, webpage 正文读取, mcp-deepwiki and github-fetcher), ingesting untrusted public/user-generated web and repo content into the agent's decision-making/output pipeline.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and installs/uses remote MCP code that is fetched and executed at runtime (e.g. the stdio MCP commands that run "npx -y @upstash/context7-mcp@latest", "npx -y mcp-deepwiki@latest", "npx -y github-fetcher-mcp") and also configures a remote MCP endpoint https://mcp.exa.ai/mcp — these fetch-and-execute steps run remote code the agent depends on, so they present a runtime execution risk.