mcp-server-dev
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's references explicitly show tool handlers that fetch and ingest arbitrary user-supplied URLs: the error-handling example in references/tools.md declares an inputSchema with endpoint: z.string().url() followed by fetch(endpoint), and references/sampling.md shows fetchDocument(documentUri). As a result, the agent will read untrusted third-party web content and use it to drive tool outputs and decisions.