mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and reference guides explicitly require fetching and WebFetch of public third‑party pages (e.g., "https://modelcontextprotocol.io/sitemap.xml" and raw.githubusercontent URLs) and instruct using web search/WebFetch as part of the required Phase 1/Documentation Inspection workflow, so the agent will read and act on untrusted, user‑generated public web content that can influence tool use and decisions.