fastmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes multiple patterns that fetch and ingest open-web content (e.g., mcp.tool async examples using httpx to GET arbitrary URLs, OpenAPI auto-generation calling httpx.get("https://api.example.com/openapi.json"), and icons/resources loaded from external URLs like https://example.com/icon.png), which clearly exposes the agent to untrusted third-party content that it will read and interpret at runtime.