fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The fetch skill (fetch.py) launches the MCP fetch server (@smithery/mcp-fetch) and calls tools/call "fetch" on arbitrary user-supplied URLs, then reads and prints the fetched webpage text—so the agent ingests untrusted public web content from arbitrary URLs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The fetch skill starts an MCP fetch tool at runtime and will fetch arbitrary webpage content (e.g., the runtime example "https://example.com") and inject that content into the agent's context, meaning remote pages can directly control prompts or supply executable instructions.