mcp-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill discovers and ingests tool/prompts/resources from configured MCP servers (via scripts like scripts/cli.ts list-tools / list-prompts that save to assets/tools.json, with servers listed in .claude/.mcp.json) and the LLM directly reads assets/tools.json to select and execute tools—meaning untrusted third-party server-provided content can influence tool selection and actions.