mastra-hono

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes examples that consume external, potentially untrusted content — e.g., references/mcp-server-patterns.md shows loading tools/resources from external MCP servers via mcpTools/MCPClient (server: "http://..."), RAG tools and vector queries that retrieve documents for agent reasoning, and API-integration examples like githubTool/fetch, meaning the agent is expected to read and interpret third‑party/public data.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes an explicit runtime call to load MCP tools from an external MCP server (e.g., http://mcp-server:8080) via mcpTools, which fetches remote tools/prompts that can execute code or control agent instructions and are used as required runtime dependencies.