supervisor-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly declares a uc_connection tool that "Searches the web for current information" (Step 2) and documents MCP/app tools and the multi-turn mcp_approval_request/function_call_output flow (MCP Server Tools section), which the agent ingests and acts on, exposing it to untrusted public web/third-party content that can influence subsequent actions.