converting-mcps-to-skills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and troubleshooting explicitly show embedding API keys/tokens in command-line headers and --env flags (e.g., --header "Authorization: Bearer KEY", --env "API_KEY=xxx"), which would require the LLM to include secret values verbatim in generated commands and thus pose a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly connects to arbitrary external MCP servers (e.g., scripts/mcp-http.ts accepts any http URL and scripts/mcp-stdio.ts runs arbitrary server commands) and then lists, reads tool schemas and calls tools whose responses the agent uses—meaning untrusted third-party content from public servers can be ingested and can materially influence subsequent actions.