mcp-to-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Phase 1, step 4) explicitly instructs the agent to fetch public package registry READMEs and source (e.g., "npm info or pip show then fetch the README or source") and the conversion patterns also call out using web_fetch/curl, so the agent will ingest and interpret arbitrary public third‑party content that can change tooling and action decisions.