developing-mcp

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required docs (INSTRUCTIONS.md and BUILDING-CLIENTS.md) include examples that fetch and ingest public web content (e.g., getNpmPackageInfo calls https://registry.npmjs.org/, there are scrapeUrl/search_web examples, and registry.modelcontextprotocol.io discovery), and those tool/resource results are explicitly fed into the LLM workflow (agentic RAG and tool-call loops), so untrusted third-party pages or tool descriptions can materially influence tool selection and model behavior.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 02:13 PM