mintlify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and consume public documentation (e.g., llms.txt at https://docs.example.com/llms.txt, skill.md at https://docs.example.com/skill.md, and via the MCP endpoint /mcp, plus contextual menu actions like "chatgpt"/"claude" that open pages' content), which are untrusted/user-provided web content that the agent is expected to read and that can materially influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The documentation explicitly exposes runtime-accessible agent control files and endpoints (e.g., https://docs.example.com/llms.txt, https://docs.example.com/skill.md and the MCP endpoint https://docs.example.com/mcp) which are intended to be fetched at runtime to provide LLM prompts/skill definitions and thus can directly control agent behavior.