webmcp-mcp-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Before writing code" step explicitly instructs fetching live public docs (e.g., https://webmachinelearning.github.io/webmcp/ and web-search results) and the architecture examples include calling UCP endpoints like https://merchant.com/.well-known/ucp/products, so the agent is expected to ingest and act on content from arbitrary public websites that could contain untrusted instructions.