build-mcp-use-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples explicitly run browser and web-search MCP servers that navigate to and scrape arbitrary public URLs (see references/examples/agent-recipes.md — "Recipe 4 — Browser Automation Agent" which defaults to TARGET_URL=https://news.ycombinator.com and instructs the agent to extract page content), so the agent is expected to ingest untrusted third‑party web content that can influence subsequent tool calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly launches external MCP servers via runtime npx commands that fetch and execute remote npm packages (e.g., "npx -y @modelcontextprotocol/server-filesystem" and "npx @playwright/mcp@latest"), which are required at runtime and execute remote code that directly supplies the agent's tools/capabilities and thus can control agent behavior.