mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly discovers and aggregates capabilities, prompts, and resources from configured MCP servers (via commands like list-tools which saves to assets/tools.json and list-prompts/list-resources), meaning the agent ingests and reads third-party server-provided content (external MCP servers and arbitrary URLs) that may be untrusted or user-generated.