mcp-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly defines and instructs use of tools that fetch and return public, user‑generated web content (e.g., SKILL.md "Tool Design" / registerTool('search_tweets') calling fetchTweets, the Server Instructions "Data API for Twitter, Reddit, and web search", and the references/error-handling.md fetchHandler that fetches arbitrary URLs), so untrusted third‑party content is ingested and surfaced to the LLM and can materially influence subsequent tool use and decisions.