mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and read external public web resources (e.g., WebFetch of https://raw.githubusercontent.com/... and https://modelcontextprotocol.io/sitemap.xml) and the evaluation harness connects to arbitrary MCP server URLs (sse/http) and loads tool descriptions/results, so it ingests untrusted third‑party content as part of its workflow.