mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the SKILL.md workflow explicitly instructs the agent to WebFetch public URLs (e.g., "https://modelcontextprotocol.io/llms-full.txt" and raw.githubusercontent.com README links in Phase 1.3/1.4) and to use web search to read external API documentation, meaning untrusted, user-hosted content will be fetched and read as part of the required workflow and could influence subsequent tool use.