fastmcp-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The documentation explicitly describes runtime fetching and interpretation of open/public third-party content (e.g., fetching CIMD client metadata JSON from HTTPS URLs "When a client presents an HTTPS URL as its client_id" and loading JWKS/OIDC configuration from provider URLs like jwks_uri or /.well-known/openid-configuration) which the server reads and uses in its authentication workflow, exposing it to untrusted/user-provided content.