mcp-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes connecting to external data sources and includes concrete handlers that fetch and return arbitrary third‑party content (e.g., references/tools.md "HTTP API Tool" that GETs args.url and references/resources.md examples like repo://{owner}/{repo}/issues which call fetchGitHubIssues), so untrusted user-generated web content can be ingested and influence prompts/tool responses.