github-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly configures a project MCP pointing at https://api.githubcopilot.com/mcp and says it will be used to access GitHub "PRs, issues, repo content" (user-generated/public third-party content) which Claude will read and act on, exposing the agent to untrusted third-party content that could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill writes a project .mcp.json that points the agent to the remote MCP endpoint https://api.githubcopilot.com/mcp which will be contacted at runtime and can supply instructions/prompts to the agent, making it a required external dependency that can control agent behavior.