mcp-pipeline-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The pipeline explicitly fetches and clones arbitrary repository URLs in Phase 1 ("Fetch the repository: If a URL is given, clone or read via the web"), then directly analyzes that untrusted public repo content and uses it to generate the design, tool implementations, and registration—so third‑party repo content can materially influence tool selection and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches/clones arbitrary repository URLs at runtime (e.g., "https://github.com/org/repo" or git@github.com:org/repo.git) and uses the repo contents to drive analysis, design, and code generation—i.e., the fetched content is injected into the pipeline and directly controls the agent's outputs.