mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly provisions MCP servers and tools that fetch and browse arbitrary public URLs and web search results (e.g., server-brave-search, server-fetch, puppeteer/playwright in references/configuration.md, references/gemini-cli-integration.md, and URL-taking tools in assets/tools.json), and the agent/subagents are expected to retrieve and interpret those external pages/results as part of their workflow, so untrusted third‑party content can be ingested and enable indirect prompt injection.