mcp-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation (references/tool-patterns.md) shows a tool example that fetches arbitrary URLs via fetch_data(arguments["url"]) and returns that content to the model (and references/auth-patterns.md demonstrates httpx calls to external endpoints), so the agent can ingest untrusted public web content which could influence its actions.