build-mcp-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's server/widget guidance explicitly shows fetching external URLs server-side (e.g., the toDataUrl example in references/iframe-sandbox.md / widget-templates.md that fetches arbitrary image URLs) and the widget API can inject that fetched content into the conversation via app.sendMessage / updateModelContext, meaning untrusted public content could be ingested and materially influence agent behavior.