mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly configures and invokes MCP servers that fetch and browse arbitrary web content (e.g., server-brave-search, server-fetch, server-puppeteer/playwright in references/configuration.md and assets/tools.json) and the CLI/mcp-client (scripts/cli.ts and scripts/mcp-client.ts) accept URLs and read resources (e.g., playwright_screenshot_fullpage, readResource, gemini CLI examples), so the agent will read and interpret untrusted third‑party web content.