mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill connects to configured MCP servers (from .claude/.mcp.json) and aggregates/list-tools and list-prompts from those servers into assets/tools.json (and may invoke tools like a Gemini CLI screenshot on arbitrary URLs), so the agent ingests and reads potentially untrusted, public third-party content from external MCP servers and arbitrary web URLs.