generate-mcp-app-ui
Warn
Audited by Snyk on Apr 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill requires the user to paste the tool's test JSON (see "The tool's test JSON is always required" in SKILL.md), meaning it ingests untrusted user-generated/third-party data which the agent must read to choose visuals and generate code, so that content could materially influence behavior and enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The widget template loads and executes required remote scripts at runtime — e.g. https://cdn.jsdelivr.net/npm/@modelcontextprotocol/ext-apps/+esm, https://cdn.jsdelivr.net/npm/@fluentui/tokens/+esm, and https://unpkg.com/@fluentui/web-components@beta/dist/web-components.min.js — so external code is fetched and executed as a required dependency.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata