test-by-mcpc-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs connecting to arbitrary remote MCP servers and reading their user-provided discovery data (e.g., "mcpc connect ...", "mcpc --json @session tools-call search-reddit", "prompts-get", "resources-read") — see SKILL.md and the reference workflows (e.g., examples connecting to https://research.yigitkonur.com/mcp and resources-read demo://...) — so it clearly ingests untrusted third-party content (tools/prompts/resources) that can influence subsequent tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes payment-related functionality: it references "x402-payments" and calls out "Wallet setup, x402 sign, and --x402 session behavior" and lists "Auth, proxy, or x402 payment edge cases" as a use branch. These are explicit crypto/wallet signing and payment-related operations (not just generic HTTP/CLI automation), which match the crypto/blockchain (wallets, signing) item in the Core Rule for Direct Financial Execution.