mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged because the SKILL.md workflow explicitly requires using WebFetch and web search to load external public documents (e.g., Phase 1.3: "Use WebFetch to load: https://modelcontextprotocol.io/llms-full.txt" and Phase 1.4/1.5: fetching SDK docs from raw.githubusercontent.com and "use web search and the WebFetch tool as needed"), so the agent will ingest and act on untrusted third‑party web content that could contain instructions influencing tool behavior.