mcp-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's templates (notably templates/authenticated-api.ts) include an apiRequest that performs fetch(${CONFIG.apiBaseUrl}${endpoint}) to arbitrary external API_BASE_URL endpoints and returns the JSON results as tool output for the agent to read, so it clearly ingests and exposes untrusted third‑party content.