build-copilot-sdk-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly allows connecting to remote MCP servers and fetching arbitrary URLs that the model can request — e.g., references/agents-mcp-skills.md shows MCPRemoteServerConfig with a public "url" field and references/permissions-and-user-input.md defines a permission kind "url" (request.url) that the agent may request and then read/interpret, meaning untrusted web content can be ingested and influence tool calls and decisions.