mcp-sentinel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly reads and stores full file contents, diffs, and "suspicious code" lines (including SKILL.md, scripts, .env, etc.) and presents them in reports and user-facing output, which will cause any embedded API keys, tokens, or passwords to be reproduced verbatim — a direct secret-exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires non-optional WebSearch/WebFetch of public, user-generated sources (e.g., raw GitHub files and advisories, vulnerablemcp.info, mcpscan.ai, Snyk, ClawHub/VirusTotal, Reddit r/ClaudeAI and Discord) and instructs the agent to read/interpret those results to drive coherence analysis, diffs, and install/remediation decisions, so untrusted third‑party content can materially influence the agent's actions.