project-setup-info-context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call mcp_context7_resolve-library-id and mcp_context7_get-library-docs to fetch "the latest libraries, APIs, and documentation" (public third‑party docs) and to read those scaffolding instructions to drive project setup, so untrusted external content can influence actions.