build-mcp-server

Warn

Audited by Snyk on Mar 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). Flagged: the skill's required scaffolds and workflows instruct the MCP server to call external/upstream APIs and return their results into the model's context. For example, references/remote-http-scaffold.md shows code like "const results = await upstreamApi.search(query, limit)" whose JSON is returned to Claude, and references/resources-and-prompts.md describes registering resources/URIs the host can fetch. This exposes untrusted third-party content that can materially influence tool selection and next actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 06:38 PM
Issues: 1