fastmcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill includes examples that fetch and ingest arbitrary external URLs (e.g., async_tool using httpx.AsyncClient.get(url), loading OpenAPI specs via httpx.get("https://api.example.com/openapi.json"), and external icon URLs) so the agent can read/interpret untrusted, public third‑party content as part of its workflow (API responses, OpenAPI specs, images), which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime fetching of an OpenAPI spec (e.g. httpx.get("https://api.example.com/openapi.json").json()) which is then passed to FastMCP.from_openapi to auto-generate tools/resources that directly control the agent's available prompts/operations, satisfying runtime-controlled-instruction and required-dependency conditions.