content-editing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Part 4 instructs the AI to use the documentation MCP server (search_influxdb_knowledge_sources) to fetch and fact-check content from rendered docs plus "community forums, and some third-party tool documentation" (public, user-generated sources), which the agent will read and use to drive edits and decisions, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly relies on the Documentation MCP server (https://influxdb-docs.mcp.kapa.ai) at runtime via the search_influxdb_knowledge_sources tool to fetch Markdown chunks that are injected into the assistant's context for fact-checking, so remote content directly influences prompts and is a required dependency.