typescript-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's templates and examples (e.g., tool-server.ts's fetch to https://api.openweathermap.org/data/2.5/weather and the described integrations with external APIs, D1/KV/R2, and Vectorize) show the MCP server fetching and returning data from public third‑party sources that the agent is expected to read and interpret, exposing it to untrusted content and potential indirect prompt injection.