build-mcp-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs server-side fetching of external, public URLs (e.g., the toDataUrl fetch pattern for external images in references/iframe-sandbox.md and widget-templates.md) and those fetched, untrusted payloads are passed through tool results into the widget (apps-sdk-messages.md) where they are parsed/rendered and can drive app.sendMessage/app.callServerTool actions, so third-party content can influence agent behavior.