mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly requires the agent to fetch and read external public documents (e.g., "Fetch the latest MCP protocol documentation" at https://modelcontextprotocol.io/llms-full.txt, raw GitHub READMEs, and instructs to "use web search and the WebFetch tool as needed"), so the agent will ingest untrusted/open-web content that can materially influence tool design and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to WebFetch and load external documentation (e.g., https://modelcontextprotocol.io/llms-full.txt and https://raw.githubusercontent.com/modelcontextprotocol/python-sdk/main/README.md and https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md), which would be fetched and injected as authoritative MCP instructions that directly control the agent's prompts/behavior.