databricks-agent-bricks

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly describes connecting to external MCP servers via Unity Catalog HTTP Connections (see "External MCP Servers" in 2-supervisor-agents.md and the SKILL.md MCP Tools section), and the agent is expected to call tools/list and tools/call on those third-party JSON-RPC endpoints and use their tool definitions/responses to route and execute actions, which can materially influence behavior and thus enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill config includes a Unity Catalog HTTP Connection pointing to an external MCP server (https://my-app.databricksapps.com with base_path '/api/mcp') which is invoked at runtime via JSON-RPC (tools/list, tools/call) to perform actions on external systems, i.e., a runtime dependency that executes remote operations.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 10:55 AM
Issues: 2