ton-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly instructs the agent to search and fetch pages from the public TON Docs MCP server (via search_ton_docs/get_page_ton_docs pointing at https://docs.ton.org/) and to consult TEPs on GitHub, so it ingests open/public (including user-generated TEPs) third‑party content and synthesizes decisions/code from that material.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls the remote TON Docs MCP server (https://docs.ton.org/mcp) at runtime to fetch documentation pages which are injected into the agent's context to shape its responses, and those fetches are a required dependency for the skill.