mcp-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and interpreting data from public third‑party sources—e.g., the Registry Discovery code and SKILL.md references to https://registry.modelcontextprotocol.io and the OAuth .well-known discovery flows, plus reading remote MCP servers' tool descriptions via mcp.list_tools—which are untrusted metadata/user-provided content used to make install/auth/tool decisions and therefore could enable indirect prompt injection.