copilot-cli-mcp-config
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly allows configuring and connecting to external MCP servers: see the "HTTP" and "SSE" examples with "url" fields such as https://api.githubcopilot.com/mcp/readonly and https://docs.mcp.cloudflare.com/sse, and the "local" examples that pull code via git+https. The agent connects to these servers and consumes them as part of its runtime toolset, so responses from untrusted third-party servers could materially influence its tool use and actions.
Audit Metadata