copilotkit

Warn

Audited by Snyk on Feb 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly supports "Open-Ended Generative UI (MCP Apps)" and MCP servers configured with HTTP URLs (mcpServers) that let an agent render full UI surfaces (HTML, iframes, custom JSON) fetched from external HTTP endpoints (see references/generative-ui.md and the MCPAppsMiddleware example). Content returned by those endpoints is ingested and rendered, and script in it executed, without the skill controlling who authored it, so it can carry instructions that influence agent behavior and the tool calls the agent makes (indirect prompt injection).
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 12:40 AM