setup-mcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call an MCP endpoint (https://mcp.inlay.dev/YOUR_SITE_SLUG) and use tools like search_pages and get_page_content to fetch and read site content, which can be arbitrary/untrusted third-party pages and thus could inject instructions that influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs agents to call the MCP endpoint at https://mcp.inlay.dev/YOUR_SITE_SLUG at runtime to fetch site page content (and relies on https://cdn.inlay.dev/embed.js to enable indexing), and those fetched pages are injected into the agent context and can directly control prompts/behavior.