fastmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and integration examples explicitly include runtime fetching of arbitrary URLs (e.g., Core Concepts "async_tool(url: str)" using httpx.AsyncClient to client.get(url), the "fetch_url" tool in Sampling with Tools, and OpenAPI auto-gen via httpx.get(spec_url)), which means the agent will ingest untrusted public web content and can act on it as part of its workflow.