mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's evaluation and implementation guides explicitly instruct the agent to retrieve documentation and other information from the open web (e.g., guides/evaluation.md Step 1: "If ambiguity exists, fetch additional information from the web") and the Python guide points to loading a raw GitHub URL via WebFetch, meaning the agent is expected to read untrusted public web content that could influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The evaluation harness and connection code show runtime connections to external MCP servers (e.g., https://example.com/mcp) which provide tool definitions and execute tool calls that can directly control agent prompts and invoke remote actions, so this URL represents a runtime dependency that can control or execute code.