mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to configurable MCP servers (from .claude/.mcp.json) and includes web-capable servers (e.g., server-brave-search, server-fetch, server-puppeteer in references/configuration.md) and tools that take arbitrary URLs (e.g., playwright_screenshot_fullpage in assets/tools.json), and the README/references/gemini-cli-integration.md show workflows where the agent searches, navigates, and summarizes web pages—meaning the agent ingests untrusted public web content and can let that content affect tool selection and automated actions.