mcp-sdk-tier-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tier-check CLI explicitly uses the GitHub API (see README.md and SKILL.md) to fetch public repository data—issues, labels, releases, and triage metrics—which are untrusted, user-generated third-party content that the agent parses and uses to determine tier decisions.