mcp-detector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill recommends and can invoke tools that search and ingest content from public sources—explicitly mcp__plugin_oh_grep_app__searchGitHub (GitHub) and mcp__plugin_oh_web_search__web_search_exa (open web)—so the agent would read untrusted, user-generated third-party content as part of its workflow.