spark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the Spark MCP at https://spark.memco.ai/mcp (via mcp__Spark__get_recommendation and mcp__Spark__get_insights) to retrieve user/agent-contributed recommendations and insights, which are third-party, user-generated content the agent will read and act on, exposing it to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill is designed to ALWAYS call the remote MCP at runtime (mcp server URL https://spark.memco.ai/mcp) to fetch recommendations/insights that directly shape the agent's instructions and responses, making that external content a required runtime controller of prompts.