mcp-skill-gen
Fail
Audited by Snyk on May 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The set is suspicious because the skill explicitly directs users to run a raw GitHub shell installer (curl ... | sh) from an unknown user/repo (raw.githubusercontent.com/vaayne/mcphub/.../install.sh) — a high‑risk pattern that can execute arbitrary code; the other endpoints (mcp.exa.ai and the placeholder api.example.com) are ambiguous and do not reduce that risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill reads and incorporates tool metadata from arbitrary MCP servers in "URL mode" (see "Discover Tools" and the usage blocks like mh list -u <url> -t <transport> and mh inspect -u <url> -t <transport>), which fetches untrusted third-party content that the generator interprets and uses to produce runnable skill invocations.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires the mh CLI as a prerequisite and explicitly instructs running curl -fsSL https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh | sh, which fetches and executes remote code from that URL to install a required dependency.
Issues (3)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata