dotnet-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs connecting to remote MCP servers over HTTP (e.g., SKILL.md "When consuming a server" and references/patterns.md HTTP client pattern with an Endpoint) and to call APIs like ListToolsAsync, ListPromptsAsync, ReadResourceAsync and pass discovered McpClientTool instances into an IChatClient, which means untrusted remote server-provided tools, prompts, and resources would be ingested and could directly influence agent actions.