webmcp-tool-schemas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to "Fetch live docs" (including fetching https://webmachinelearning.github.io/webmcp/ and performing web-searches for webmcp/JSON Schema guidance), so the agent will ingest and act on untrusted, public third-party content that can influence schema design and subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching the live spec at runtime (https://webmachinelearning.github.io/webmcp/), and that fetched content would directly determine how the agent constructs prompts/schemas, making it a runtime external dependency that controls agent instructions.