doc-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses fetch-mcp to fetch and extract content from public URLs (e.g., GitHub READMEs such as https://github.com/tiangolo/fastapi, community tutorials, and other official/public documentation pages), which are untrusted third‑party sources that the agent ingests and synthesizes, creating a clear avenue for indirect prompt injection.