getting-started

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads arbitrary third-party web content (e.g., Tool Integration Flow: web_fetch(base_url), find_api_docs/doc_content analysis and requests to RSS/YouTube/newsletter sources or user-provided URLs) and then interprets that content to generate integrations and MCP code, so untrusted external content can directly influence tool behavior and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches user-provided tool documentation at runtime via web_fetch(base_url) (examples: https://notion.so, https://linear.app, and https://smithery.ai) and then directly analyzes that fetched content to generate MCP code and agent instructions, so those external URLs can control prompts/code execution.