copilot-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents connecting to external MCP HTTP servers (MCP Server Integration: mcpServers with an http url like "https://api.githubcopilot.com/mcp/") and external provider baseUrl (BYOK), which lets the agent fetch and act on responses/tool definitions from arbitrary remote HTTP endpoints that can materially influence subsequent tool use.