typescript-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes tools that fetch and ingest open web content (e.g., references/tool-patterns.md "fetch-large-file" which fetches an arbitrary URL, references/tool-patterns.md "External API Wrapper" and templates/tool-server.ts "get-weather" which call public APIs, and the semantic-search/RAG examples that return third-party documents), so the agent will read and interpret untrusted/user-provided web content as part of its workflow.