a2a-mcp-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to call MCP web-search and data-fetch tools (e.g., examples/data-pipeline-integration.py uses mcp.call_tool("web_search", ...) and templates/layered-stack-pattern.ts exposes readResource(uri)), which implies fetching and ingesting arbitrary public web/search results and external URLs that are untrusted and then processing them as part of the agent workflow.