mcp-server-evaluations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues HTTP requests and JSON-RPC calls to arbitrary MCP endpoints (e.g., MCP_PATH /mcp in the curl/fetch examples and the Inspector remote example https://my-mcp.workers.dev/mcp), ingesting tool lists, tool descriptions, and tool responses from those external servers which are untrusted third-party content that the agent must read and interpret.