mcp-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to search and extract public web content—e.g., mcp__exa__web_search_exa for broader web context, mcp__exa__get_code_context_exa (covering GitHub and Stack Overflow), and mcp__jina__search_web + mcp__jina__read_url for page extraction—so untrusted, user-generated third‑party pages can be ingested and materially influence subsequent actions.