webmcp-authentication

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md "Before writing code" section explicitly instructs fetching live docs from https://webmachinelearning.github.io/webmcp/ and performing web searches (e.g., "web-search webmcp authentication session cookies browser agent"), so the agent is required to ingest open/public third‑party web content that could materially influence tool registration and runtime behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:09 AM
Issues
1
Security Audit — snyk — webmcp-authentication