mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and ingests untrusted, public third‑party content: the MCP tools in server.py and suggest.py (e.g., tabelog_search_restaurants, tabelog_get_area_suggestions, tabelog_get_keyword_suggestions) scrape and call Tabelog (https://tabelog.com and its internal API https://tabelog.com/internal_api/suggest_form_words) via httpx/BeautifulSoup and return that content for agents to read and act on, which can enable indirect prompt injection.