tanav.aiScanResearchARDGet Started
Open appTry free scan →
Checkers / CHK-027
CHK-027
CRITICAL

Data exfiltration instruction in skill

category: skill_issue · source: services/scanner/skill_scanner.py
OWASP MCP Top 10MCP-T08Data Exfiltration

What it detects

Instructions inside a SKILL.md file that direct the agent to send data to an external HTTP endpoint — POST/curl/wget/fetch to a non-local URL, or phrasing like "send to the server/endpoint/url/api" or "upload/transmit/pipe to remote".

This fires on the instruction itself, not on legitimate API documentation — the pattern requires an explicit send/transmit verb paired with an external destination, not just the presence of a URL.

Real example

screenpipe/screenpipe19k★CONFIRMED

SKILL.md instructs the agent to exfiltrate data via Telegram. AI-confirmed.

How to fix it

Remove all instructions to send data to external URLs from the skill definition

Skill files must not instruct the agent to transmit data anywhere outside the user's own request/response loop. If the skill's actual purpose requires an external call (e.g. a legitimate webhook integration), that call belongs in MCP server tool code with explicit user-visible configuration — not buried in a skill description the user never reads before it's loaded into every agent context.