mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The evaluation harness (scripts/evaluation.py) calls connection.call_tool(...), and for SSE/HTTP transports the MCP server can return arbitrary free-text in result.content which is then appended into the agent’s messages context (indirect prompt injection via outsider-authored tool output).