mcp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs calling online MCPs that fetch public web content (e.g., "mcporter call web-search-prime.web_search_prime" and "mcporter call web-reader.webReader url=..."), which ingests arbitrary/untrusted web pages and search results that the agent is expected to read and could materially influence subsequent actions.