test-by-mcpc-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md and referenced guides) direct the agent to connect to arbitrary Streamable HTTP or stdio MCP servers (e.g., "mcpc connect https://research.yigitkonur.com/mcp @research") and to run commands that read and act on server-provided tools, prompts, resources, and tool results (e.g., tools-call search-reddit, resources-read), which are untrusted third-party/user-generated content that can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly connects at runtime to https://research.yigitkonur.com/mcp (used in many examples/CI flows) which returns tools/prompts/resources that can directly control agent instructions, and the stdio/streamable examples run "npx -y @modelcontextprotocol/server-everything" (fetches and executes remote code) — both are runtime external dependencies relied on by the skill.