tools-and-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly allows connecting to external MCP servers via mcpServers and ingesting dynamic resources (listResources/getResource) and context attachments (user-selected files), meaning the agent can fetch and read arbitrary third-party URLs/documents and prompts which may be untrusted user-generated content.