google-webmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Core Workflow explicitly instructs the agent to run public web searches and fetch pages using commands like google-webmcp-cli search.web and page.get and to "Summarize these results" (core steps 4–5), which means it ingests untrusted public search results and web pages that can materially influence downstream actions and therefore could enable indirect prompt injection.