content-editing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Part 4 (Fact-Checking with the Documentation MCP Server) instructs the agent to use the hosted MCP server (https://influxdb-docs.mcp.kapa.ai) which indexes rendered docs plus "community forums, and some third-party tool documentation" — i.e., untrusted, user-generated web content — and explicitly requires the agent to read and act on those returned chunks via the search_influxdb_knowledge_sources tool during editing, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs the AI assistant to add and query the hosted MCP server at https://influxdb-docs.mcp.kapa.ai during runtime (via the search_influxdb_knowledge_sources tool), which returns documentation chunks that are injected into the assistant's context and can directly influence prompts/responses, so this external URL is a runtime dependency that controls agent behavior.