OpenAI Apps MCP

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's tool handler examples (e.g., "fetchWeather(city)" and "fetchRestaurants(city, cuisine)" and product.image values used in widgets) explicitly fetch and include external API/website data into tool responses and _meta.initialData that the agent (ChatGPT) will read and render, exposing it to untrusted third-party content.