mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md and references/security.md explicitly describe handling user-supplied URLs (SSRF prevention and safeUrl examples in Step 3 and references/security.md) and warn that tool descriptions and resource contents are visible to the model (Tool Poisoning section), showing MCP tools may fetch or return untrusted public web content and metadata that the agent will read and which could inject instructions.