tool-extension

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lists Brave Search and GitHub as available MCP servers, which indicates the skill fetches and ingests open/public third-party content (search results and public repo data) that the agent would read and could materially influence its decisions or tool use.