Finding Categories

Skills that download or reference external files, URLs, or resources

MCP server configuration issues or insecure defaults

Skills that execute shell commands, system calls, or subprocess operations

Skills with patterns that could enable prompt injection attacks

Server-side request forgery risks targeting cloud metadata or internal services

Skills with patterns that could leak sensitive data to external endpoints

Supply chain risks: typosquatting, dependency confusion, or untrusted packages

MCP protocol abuse: tool poisoning, rug pulls, or cross-origin attacks

Indirect prompt injection via external data sources

Skills that load or embed untrusted third-party content

Skills that handle, expose, or hardcode credentials and secrets

Multi-step flows that combine benign tools into dangerous chains

Unicode/homoglyph tricks used to obfuscate malicious content