helium-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly exposes the agent to public third-party news content via the Helium MCP server (e.g., the "search_news" tool that searches "3.2M+ articles from 5,000+ sources" and functions like "search_balanced_news" and "get_article_bias"), so the agent will fetch and interpret untrusted external articles that could contain instructions influencing its actions.