building-mcp-servers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly configures MCP connections to external HTTP/SSE/WebSocket endpoints (e.g., "url": "https://api.example.com/mcp" in the "MCP Server Types" and templates) and states that "Servers start automatically when Claude Code loads the plugin" and that MCP tools are invoked, meaning the agent will connect to and consume untrusted third-party API responses at runtime which could influence tool use and actions.