mcp-code-execution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) explicitly shows the agent calling MCP tools that read user-generated content—e.g., servers/google-drive/getDocument.ts and getSheet, and slack.getChannelHistory—to ingest document transcripts and channel messages that the agent then interprets (e.g., updating Salesforce or driving polling/decision logic), so untrusted third-party content can materially influence actions.