mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and read public web documents (e.g., "Use WebFetch to load: https://modelcontextprotocol.io/llms-full.txt" in Phase 1.3, the raw.githubusercontent.com SDK READMEs in Phase 1.4, and "use web search and the WebFetch tool as needed" in Phase 1.5), meaning untrusted third‑party content is ingested and used to drive implementation decisions and tool behavior.