mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to fetch and read public web pages (e.g., "https://modelcontextprotocol.io/sitemap.xml", raw GitHub URLs like https://raw.githubusercontent.com/modelcontextprotocol/... and the note "Use web search and WebFetch as needed"), so the agent will ingest untrusted, publicly‑hosted content that can materially influence implementation decisions and tool behavior.