windsurf-sdk-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 3 "MCP Server Configuration" explicitly instructs connecting a "github" MCP server (and other external MCP servers) so Cascade will ingest repository/content from GitHub and other external services — untrusted, user-generated third‑party content that the agent will read and use to drive actions.