fastmcp-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly describe runtime fetching and inclusion of external, user-provided web resources — e.g., "MCP Resources (@-mentions) Servers can expose resources ... Resources are fetched and included as attachments" in references/claude-code-mcp-integration.md, ProxyProvider examples (create_proxy('http://remote/mcp')) in the providers docs, and app HTML importing scripts from https://unpkg.com in references/apps.md — so untrusted third-party content can be ingested and influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The UI resource HTML includes a runtime module import from https://unpkg.com/@modelcontextprotocol/ext-apps@0.4.0/app-with-deps which will be fetched and executed in the app iframe at runtime (remote JS execution required for the app UI), so this external URL executes remote code that the skill depends on.