admin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to query and act on external MCP servers and memory services (e.g., SimpleMem at mem.self-host.io via references/memory-integration.md, MCP servers like "fetch" and "brave-search", NPX/npm packages and GitHub clones in references/mcp.md and SKILL.md) as part of mandatory workflow steps, so untrusted third-party/user-generated content is read and can influence tool use and decisions.