webmcp-register-tool

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching live docs from the public URL https://webmachinelearning.github.io/webmcp/ and performing web searches for the registerTool specification, which requires the agent to ingest and act on third-party public web content that could contain untrusted instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill docs define a general tool-registration API, but include a concrete, explicitly transactional example: a "placeOrder" tool whose description says "Place the current order and charge the saved payment method" and whose execute callback issues a POST to /api/orders to perform the charge. That example is specifically designed to initiate a payment/charge (i.e., move money), so the skill contains explicit financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 19, 2026, 07:33 AM
Issues
2
Security Audit — snyk — webmcp-register-tool