mcp-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's GitHub integration example (Example 3) explicitly fetches and exposes public, user-generated content from the GitHub API (issues, pull requests, code search) for the agent to read and act on, which can supply untrusted third-party content usable for indirect prompt injection.