ahrefs-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use the Ahrefs MCP server to pull backlink data (e.g., "What to pull: ... Backlink list ... anchor text") which ingests untrusted public web content (external sites' backlinks and anchor text) that the agent must read and use to drive analysis and follow-up actions, creating a vector for indirect prompt injection.