create-agent-with-sanity-context

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and injects user-managed Sanity content (Agent Context documents' Instructions/groqFilter and the agent.config systemPrompt) from the Sanity MCP/Studio (see SKILL.md and app/src/app/api/chat/route.ts where it fetches agentConfig.systemPrompt and uses MCP tools), so untrusted, user-provided CMS content is read and directly influences system prompts, tool descriptions, and query behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill creates an MCP client at runtime using the Sanity MCP URL (https://api.sanity.io/v2026-03-03/agent-context/:projectId/:dataset/:slug) and also fetches an agent config (systemPrompt) from Sanity via client.fetch; those external endpoints supply the Instructions/system prompt that directly control the agent's behavior and the code treats them as required (errors if missing), so this is a runtime dependency that controls prompts.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 14, 2026, 07:42 PM
Issues: 2