smithery-ai-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly shows connecting to arbitrary external MCP servers (e.g., smithery mcp add "https://github.run.tools") and commands to fetch tool listings and JSON schemas (smithery tool list / smithery tool get) so the agent will ingest untrusted third-party tool definitions and use them to form or execute subsequent tool calls, enabling indirect prompt injection.