rudder-mcp-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes connecting to RudderStack’s hosted MCP server (https://mcp.rudderstack.com/mcp) and then ingesting the MCP tool responses (workspace data, docs, etc.) into the agent’s LLM context, which is outsider-authored content from a third-party server.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). This skill's configuration invokes "npx -y mcp-remote" (with the server URL https://mcp.rudderstack.com/mcp), which causes npx to fetch and execute the remote "mcp-remote" package from the npm registry at runtime, i.e., it executes remote code that the skill relies on.