fw-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the external MCP server (https://mcp.freshworks.dev/mcp) — e.g., SKILL.md steps 1 and 6 where it invokes list_custom_apps and list_app_versions — and reads developer-provided app metadata (app rows, version states) which the agent must interpret to choose appId, routing, and whether to proceed, so untrusted third-party content can materially influence actions.