google-antigravity-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports connecting to remote MCP servers (see references/mcp_integration.md and examples/getting_started/mcp_tools.md which show SSE URLs like "https://example.com/mcp/sse"), and those external MCP servers can expose arbitrary tools/prompts that the agent will register, read, and act on—i.e., untrusted third-party content can directly influence agent decisions and tool use.