agenticflow-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs attaching MCP clients that let the agent read and write external third-party services (e.g., "Google Docs, Google Sheets, Slack, Notion, GitHub, Apify, Gmail, Pinterest, YouTube, and many more"), so the agent will ingest untrusted/user-generated content from those public providers which can materially influence its tool use and actions.