copilotkit-integrations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill wires CopilotKit to external agent HTTP endpoints (e.g., agentUrls/orchestratorUrl in references/integrations/a2a.md and numerous Next.js route examples in SKILL.md) and explicitly describes agents rendering declarative A2UI components and issuing tool calls that the frontend/runtime will render and act on, meaning untrusted third‑party agent content can be ingested and directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime example configures an external MCP server at https://mcp.excalidraw.com via MCPAppsMiddleware (mcpApps.servers) which is fetched at runtime to add MCP content/tools that can be injected into the agent's model context and thus directly influence prompts and agent behavior.