mapbox-mcp-devkit-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly exposes tools that retrieve external/user-generated content — e.g., "get_feedback_tool" / "list_feedback_tool" and documentation access via the hosted MCP server (https://mcp-devkit.mapbox.com/mcp) as shown in SKILL.md and AGENTS.md — so the agent will ingest untrusted user feedback/reports that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs AI assistants to connect at runtime to the hosted MCP endpoint https://mcp-devkit.mapbox.com/mcp, which supplies tool definitions and executes actions that directly control the agent's available prompts/operations and is a required external dependency for using this skill.