mcp-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to run websearch/webfetch and to discover MCPs from public registries and sites (e.g., https://github.com/modelcontextprotocol/servers, npm packages @modelcontextprotocol/server-*, grep.app, and other public MCP endpoints), meaning it fetches and ingests untrusted, user-generated/open-web content as part of its workflow.