mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime MCP tools that fetch and ingest arbitrary external URLs (e.g., assets/openapi-integration.py calls httpx.get(OPENAPI_SPEC_URL) to load an OpenAPI spec and assets/error-handling.py defines resilient_api_call(url: str) which GETs any provided URL), and those fetched specs/responses can be parsed to auto-generate tools or drive behavior, exposing the agent to untrusted third-party content that could enable indirect prompt injection.