mcporter-mcp-first

SUSPICIOUS: the skill’s purpose is coherent, but its trust boundary is broad. It delegates sensitive internal access through locally configured MCP servers and optionally a third-party bridge, with open-ended downstream endpoints and content sources. This is not confirmed malicious, but it has medium-high security risk from transitive trust, credential forwarding, and prompt-injection exposure.