mcp-server-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's templates and workflow explicitly create tools/resources that fetch and ingest public web APIs and search results (e.g., examples/simple-weather-server.ts fetches from https://api.weather.gov and reference/tool-examples.yaml defines a "search_web" tool that uses search engine APIs and api:// endpoints), so the agent will read untrusted third‑party content as part of its runtime workflow which can influence tool use and decisions.