copilotkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and reference.md explicitly describe using MCPAppsMiddleware and mcpServers (Open-ended (MCP Apps) — "Agent returns full HTML/JS in sandboxed iframe" and the MCPAppsMiddleware mcpServers URL configs) which load arbitrary external URLs that return HTML/JS, exposing the agent to untrusted third-party content that could carry indirect prompt-injection instructions.