cursor-subagents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP scoping docs (references/mcp-scoping.md) explicitly show subagents being wired to external servers such as a "github" MCP (via the server-github connector) and arbitrary HTTP URLs (e.g., "https://mcp/prod-db"), which means subagents will ingest untrusted, user-generated/public third-party content that can influence their outputs and thus the parent's decisions/workflow.