mcp-auth-expressjs-scalekit

Fail

Audited by Snyk on Apr 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to collect secrets (SK_CLIENT_ID, SK_CLIENT_SECRET) and to create a .env "fill[ed] [with] real values", which requires embedding secret values verbatim in generated files/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill exposes a public MCP POST endpoint (see app.all('/') in assets/new-project/src/server.ts and assets/retrofit/mcp-route.ts and the SKILL.md "MCP endpoint: POST /") that accepts JSON-RPC messages from arbitrary external MCP clients (Claude/Cursor/other clients), i.e., untrusted third-party input which the server reads and uses to drive tool execution and behavior.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 23, 2026, 08:26 PM
Issues: 2