llm-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly enables MCP integration with external services such as public GitHub (e.g., "swiftopenai agent 'List my repos' --mcp-servers github --allowed-tools 'mcp__github__*'" and "Read package.json and explain dependencies"), which would fetch and have the agent read user-generated, public third-party content and thus could enable indirect prompt injection.