mcp-builder

Warn

Audited by Snyk on Mar 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests untrusted third‑party content: assets/openapi-integration.py loads an OpenAPI spec from OPENAPI_SPEC_URL via httpx.get, and assets/api-client-pattern.py exposes tools (api_get, api_post, batch_api_requests) that call arbitrary external endpoints. The fetched spec and response data are used to auto-generate MCP tools/resources and to drive tool behavior, so external content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The openapi-integration script performs a runtime httpx.get(OPENAPI_SPEC_URL) (the default is, e.g., https://api.example.com/openapi.json) and passes the fetched OpenAPI JSON into FastMCP.from_openapi to auto-generate tools/resources, so remote content fetched at runtime directly controls the agent/server behavior.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 10:21 PM
Issues: 2