cursor-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md and the .cursor/mcp.json explicitly instruct the agent to connect to MCP servers (e.g., the "github" server) and to use Composer's @docs / @codebase and Agent mode to read external docs and repositories, so it will ingest untrusted public GitHub/docs content that can materially influence actions.