Skills
skills/orcaqubits/agentic-commerce-skills-plugins/webmcp-setup/Snyk

webmcp-setup

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md "Fetch live docs" workflow explicitly instructs the agent to fetch https://developer.chrome.com/blog/webmcp, search GitHub for the MCP-B polyfill README, fetch the MCP‑B npm page, and check chromestatus pages, so the agent will ingest public third‑party (including user‑authored GitHub/npm) content that can directly influence setup actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 06:10 AM
Issues
1