dig

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (SKILL.md) explicitly instructs the agent to read external public specs and repositories — e.g., https://modelcontextprotocol.io/specification/2025-11-25 and the MCP Apps spec on GitHub, and even falls back to GitHub URLs as a "last resort" — and those external pages are read and used to influence planning/spec decisions, exposing the agent to untrusted third‑party content.