building-mcp-server-on-cloudflare

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's core workflow includes tools that fetch external HTTP APIs (e.g., the "get_weather" tool in SKILL.md, which calls https://api.weather.com/${city}), and the OAuth proxy pattern in references/oauth-setup.md describes proxying to third-party APIs like GitHub. As a result, the agent ingests and acts on content from open third-party endpoints as part of its runtime flow.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 02:51 AM