add-sanity-chatbot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's API route explicitly creates an MCP client using the SANITY_CONTEXT_MCP_URL (https://api.sanity.io/.../agent-context/...) and exposes tools like initial_context and groq_query, and the client-side capture functions (capturePageContext/captureScreenshot) send arbitrary page content to the agent—meaning it ingests untrusted/public site or user-generated content from the Content Lake and current pages which can directly influence tool calls and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill connects at runtime to the Sanity Context MCP endpoint (e.g., https://api.sanity.io/:apiVersion/agent-context/:projectId/:dataset/:slug via SANITY_CONTEXT_MCP_URL) and directly imports the MCP-provided tools (mcpClient.tools()) into the model's toolset, meaning remote content from that URL controls available tools/behavior used by the agent.