mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary user-generated messages from external clients (see the FastAPI POST /api/agents/{agent_id}/message handler and the @mcp.tool send_to_agent example) and forwards that untrusted content directly into agent.receive_message, so third-party text can influence agent decisions and actions.