mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The guide explicitly describes Resources and Resource URI patterns that include HTTP endpoints (see "Resource URI Patterns" with http://example.com/api/docs), shows resource handling and examples like "REST API Wrapper
• GitHub API integration" and lists "Integrating external APIs with Claude", which indicates the agent can be made to fetch and ingest arbitrary public HTTP/third-party content that could carry indirect prompt injections.