mcp-apps-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s documentation and required workflow explicitly show runtime ingestion of remote third‑party endpoints—for example, references/server/proxy.md describes proxying arbitrary remote MCP servers via a provided URL (e.g., "manufact: { url: 'https://manufact.com/docs/mcp' }") and references/authentication/custom.md shows fetching JWKS and calling external APIs (createRemoteJWKSet and fetch calls), which means the agent can fetch and act on untrusted external content that could influence tool behavior.