mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly tells the agent to fetch and study public web pages (e.g., "Start with the sitemap at https://modelcontextprotocol.io/sitemap.xml", fetch markdown pages like https://modelcontextprotocol.io/specification/draft.md, and use WebFetch to load https://raw.githubusercontent.com/.../README.md and "use web search and WebFetch as needed"), which clearly ingests untrusted, public third-party content that the agent is expected to read and that can influence subsequent implementation decisions and tool behavior.