mcp-builder
Warn
Audited by Snyk on Apr 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md's Phase 1 and the reference files explicitly require fetching and reading public third-party pages (e.g., https://modelcontextprotocol.io/sitemap.xml and raw SDK READMEs on https://raw.githubusercontent.com/...) via WebFetch/web search as part of the core workflow, so the agent will ingest untrusted, user-controlled web content that can materially influence tool design and runtime actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The evaluation harness and connection code allow runtime connections to a remote MCP server (e.g., the example URL "https://example.com/mcp") via SSE/HTTP, and when used the agent will call remote tools on that URL which execute code and directly affect the agent's behavior.
Issues (2)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata