protocol-implementation-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and loading public web resources (e.g., "prefer the full spec text at https://modelcontextprotocol.io/llms-full.txt" and SDK READMEs from https://raw.githubusercontent.com/...), and its evaluation harness can connect to arbitrary MCP server URLs (e.g., -u https://example.com/mcp), so the agent will read untrusted, user-provided third‑party content as part of its workflow.