mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and process public web content (e.g., the Gemini CLI example "Take a screenshot of https://example.com" and the github_search_repos tool / "Search GitHub for MCP servers" examples), meaning the agent will ingest and interpret untrusted user-generated content from arbitrary URLs and GitHub.