mcp-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly enables calling external MCP servers and tools (mentions interacting with GitHub, APIs, and other external systems) and includes commands like mcp-cli / and filesystem/read_file that return and expose file or API content, so the agent can ingest untrusted, user-generated third‑party content.