smithery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to search the public Smithery registry (smithery search, smithery skills search), connect to arbitrary MCP servers via URLs (smithery connect add "https://..."), install and run community skills, and read user reviews—all of which ingest untrusted, user-generated third‑party content that the agent is expected to read and act on.