mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs building MCP tools that call external/public APIs and return their responses to the model (e.g., "Usage Examples -> Example 2: API Integration" with fetch("https://api.weather.com/v1/${city}") and the "When to Use" / "Automating interactions with third-party services" guidance), so the agent is expected to read/interpret untrusted third-party responses that could influence subsequent actions.