fastmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly exposes fetching of arbitrary public URLs — for example, server.addTool named "fetch-content" (annotations include openWorldHint) returns await fetchWebpageContent(args.url), and several other tool examples (ArkType/Valibot fetch-* tools, image/audio content via external URLs) show the agent ingesting untrusted web content that could contain instructions.