fetching-library-docs
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill fetches public library documentation from third-party Context7 MCP sources (via scripts/fetch-docs.sh -> scripts/fetch-raw.sh -> scripts/mcp-client.py, which calls get-library-docs for IDs like /reactjs/react.dev). The filtered output is then fed into the LLM, so the skill ingests untrusted public web content as part of its workflow.