mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch public web pages (e.g., https://modelcontextprotocol.io/sitemap.xml and https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md) and to use web search/WebFetch to load third‑party documentation that the agent is expected to read and act on during MCP server design and implementation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime fetches (e.g., https://modelcontextprotocol.io/sitemap.xml and pages like https://modelcontextprotocol.io/specification/draft.md, plus raw GitHub reads such as https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md and https://raw.githubusercontent.com/modelcontextprotocol/python-sdk/main/README.md) to load external markdown into the agent context, which would directly control prompts/instructions used during operation.