fastmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes runtime patterns that fetch and ingest arbitrary public web content (e.g., SKILL.md and Integration Patterns show httpx.get("https://.../openapi.json") and an async_tool that GETs arbitrary URLs, plus sampling/tool examples that expose "fetch_url"/"search_web" to LLMs and a ProxyProvider to remote MCP servers), so the agent can read and interpret untrusted, user-provided third‑party content.