databricks-agent-bricks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Supervisor Agents explicitly support External MCP Servers via a Unity Catalog HTTP Connection (see "External MCP Servers" in 2-supervisor-agents.md and SKILL.md), where the agent fetches JSON‑RPC tool definitions and descriptions from arbitrary external HTTP endpoints and uses those descriptions to drive routing and call actions, meaning untrusted third‑party content can directly influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly configures and invokes an external MCP JSON-RPC endpoint via a Unity Catalog HTTP Connection (e.g., https://my-app.databricksapps.com/api/mcp) which is called at runtime (tools/list, tools/call) to supply tool definitions and execute actions, therefore allowing remote content to control agent behavior and execute operations.