mcp-server-building

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill includes examples that fetch and return arbitrary web content (e.g., the TypeScript fetch_url tool that does await fetch(url) and the resource read_resource pattern that calls api_client.get on api:// endpoints), meaning the agent will ingest untrusted, user-provided third-party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The TypeScript example defines a tool "fetch_url" that performs fetch(url) at runtime and injects await response.text() into the tool response (i.e., arbitrary external URLs provided to fetch(url) can directly control the model prompt/context), so the runtime fetch of user-supplied URLs (fetch(url)) is a high-confidence risk.