webmcp-register-tool
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching live docs from the public URL https://webmachinelearning.github.io/webmcp/ and performing web searches for the registerTool specification, which requires the agent to ingest and act on third-party public web content that could contain untrusted instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill docs define a general tool-registration API, but include a concrete, explicitly transactional example: a "placeOrder" tool whose description says "Place the current order and charge the saved payment method" and whose execute callback issues a POST to /api/orders to perform the charge. That example is specifically designed to initiate a payment/charge (i.e., move money), so the skill contains explicit financial execution capability.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata