typescript-mcp
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill includes concrete tool implementations that fetch and ingest content from external or public sources. The examples in references/tool-patterns.md are "Pattern 1: External API Wrapper", which fetches from OpenWeatherMap, and "Pattern 6: Streaming Responses", which accepts a user-provided url and calls fetch(url). Untrusted third-party content is therefore read and returned as tool output that an agent can use to decide on or call further tools, enabling indirect prompt injection.