langchain4j-mcp-server-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly consumes external MCP servers and their content (e.g., references/api-reference.md and assets/mcp-server-template.java show McpClient methods listTools/listResources/getResource/getPrompt and transports like HttpMcpTransport or StdioMcpTransport that can run npm-executables), meaning untrusted third-party tools, resources, and prompt templates are ingested and can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The examples configure a Stdio transport that executes external packages/processes at runtime (e.g., "npm exec @modelcontextprotocol/server-everything@0.6.2" and "npm exec @modelcontextprotocol/server-sqlite@0.6.2", and a docker image "mcp/github"), which runs remote code and can supply MCP tools/prompts that directly control agent instructions, so this is a runtime external dependency with direct control/execution risk.