mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill connects to configurable MCP servers that include web-search and fetch/browser automation servers (e.g., @modelcontextprotocol/server-brave-search, server-fetch, server-puppeteer and tools like playwright_screenshot_fullpage shown in references/configuration.md, assets/tools.json, and scripts/cli.ts), accepts arbitrary URLs/queries, and the agent/LLM is expected to read and analyze those fetched public web results as part of its workflow, exposing it to untrusted third‑party content that could enable indirect prompt injection.