langgraph-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs loading and using remote tools and web content (e.g., references/mcp-bridging.md shows MultiServerMCPClient loading tools from URLs like "https://example.com/mcp", and references/deep-agents.md/other files refer to internet_search and fetch_url tools and MCP-loaded tools), which causes the agent to fetch and interpret untrusted third-party content that can influence tool behavior and decision-making.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MultiServerMCPClient examples show the skill connecting at runtime to external MCP endpoints (e.g., https://example.com/mcp, https://jira.example/mcp, https://github.example/mcp) and calling client.get_tools() to fetch tool definitions that are then injected into the agent as runtime tools, which directly control agent behavior and can execute remote actions.