mcp-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs Claude to discover and fetch public third‑party content — e.g., PulseMCP searches and detail page fetches ("https://www.pulsemcp.com/servers?q=[keyword]" in references/server-discovery.md) and the resource syntax that lets Claude fetch arbitrary HTTP/GitHub resources ("@github:https://github.com/user/repo" and "Claude will fetch the resource content and include it in context") — meaning the agent will read untrusted, user-generated web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill connects at runtime to external MCP endpoints (for example https://mcp.asana.com/sse) which can expose "prompts" that become slash-commands and thus directly control agent instructions, so this is a required runtime dependency that can change agent prompts.