mcp-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required guidance (e.g., rules/registry-discovery.md and rules/auth-oauth21.md) explicitly instructs fetching public endpoints (registry.modelcontextprotocol.io, /.well-known OAuth/OIDC metadata, and other external URLs) and parsing that untrusted third‑party JSON/HTML to make install/auth/tool‑invocation decisions, so runtime-ingested third‑party content can materially influence agent behavior.