mcporter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows mcporter making calls to arbitrary full URLs and scraping pages (e.g., "mcporter call https://api.example.com/mcp.fetch url:https://example.com" and "mcporter call --stdio ... scrape url=https://example.com"), which means it fetches and ingests untrusted public web content that could influence subsequent tool actions.