pi-mcp-adapter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the skill explicitly connects to arbitrary MCP servers and HTTP/SSE endpoints (see "HTTP/SSE Servers" and the mcpServers examples), reads external resources via mcp({ action: "read-resource" }) ("Working with Resources"), and fetches/handles UI HTML and messages from _meta.ui.resourceUri using mcp({ action: "ui-messages" }) ("UI Communication Flow"), so untrusted third‑party content can directly influence tool discovery and the agent's subsequent actions.