create-mcp-servers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s templates and examples explicitly call external HTTP APIs and fetch public data (e.g., httpx/axios calls in the Traditional/On-Demand code, cached_api_call with fetch(url), and the GitHub/Circle/Meta-Ads examples and resources-based pattern that expose API responses and user-generated content as MCP resources), so the agent will read and interpret untrusted third-party API/web content as part of its workflow.