bcms-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to use BCMS MCP tools to list, read, create and update entries and media (see the "MCP for agents and IDEs" and "BCMS MCP (agents and IDEs)" sections), which are user-generated/untrusted CMS content the agent is expected to interpret and which can materially influence subsequent actions.