azure-web-application-firewall

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires fetching remote Markdown from Microsoft Docs at runtime (via mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage) — e.g. https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-best-practices — and injects that content into the agent context, so the external URL directly controls prompts/responses.