mcp-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and reading public web content (e.g., "Start with the sitemap at https://modelcontextprotocol.io/sitemap.xml" and loading SDK docs from https://raw.githubusercontent.com/...) and instructs using web search/WebFetch as part of the Phase 1 research workflow, which exposes the agent to untrusted, third‑party pages that can influence tool design and subsequent actions.