MCP Development Skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly defines readable Resources (e.g., the "Resources" section and resource template using "github://repo/{owner}/{repo}/..."), shows a "Read a resource" client integration example that reads GitHub content, and lists common servers including "github" and "puppeteer (Web scraping)", which together demonstrate the agent will ingest untrusted public/user-generated web content that can influence actions.