developing-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's instructions and examples (INSTRUCTIONS.md and BUILDING-CLIENTS.md) explicitly demonstrate fetching and ingesting public third-party content—e.g., getNpmPackageInfo calling https://registry.npmjs.org, scrapeUrl / search_web tools, and use of public MCP registries—whose untrusted page contents and tool descriptions are fed to and read by the LLM/agent and can therefore influence tool selection and behavior, enabling indirect prompt injection.