smithery-homepage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the app to call external MCP tools via the Smithery Connect API (see the callMcpTool implementation and the requirement to run smithery mcp call <connection> <tool> to generate/copy schemas), which fetches and parses arbitrary third-party/tool outputs (e.g., Linear, Gmail, Notion) that the skill then reads and uses at runtime—exposing the agent to untrusted, user-generated remote content that can influence behavior.