mcporter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). mcporter explicitly supports calling arbitrary/public URLs and ad-hoc servers (e.g., "mcporter call https://api.example.com/mcp.fetch url:https://example.com" and "mcporter call --stdio 'bun run ./server.ts' scrape url=https://example.com"), so the agent will fetch and interpret untrusted third‑party web content and could be exposed to indirect prompt injection.