create-agent-with-sanity-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and uses user-managed Sanity content at runtime (e.g., Agent Context documents and the agent config systemPrompt fetched in references/ecommerce/app/src/app/api/chat/route.ts and SKILL.md describes the Instructions field being injected into tool descriptions and mcpClient.tools() being passed to the LLM), so untrusted, user-generated content can directly change tool definitions, system prompts, and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly creates an MCP HTTP client at runtime using the SANITY_CONTEXT_MCP_URL (e.g. https://api.sanity.io/v2026-03-03/agent-context/:projectId/:dataset/:slug), and the Agent Context document and tool responses fetched from that endpoint (including the Instructions/systemPrompt) are injected into tool descriptions and used to build the agent's system prompt, so remote content directly controls the agent and is required at runtime.