ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md shows ai.mcp.get_http_tools("https://mcp.example.com/mcp", ...) which fetches tool definitions from arbitrary HTTP endpoints and returns Tool objects the agent will load/execute, so untrusted third‑party content can directly influence tool use and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). ai.mcp.get_http_tools("https://mcp.example.com/mcp") is called at runtime to fetch remote tool definitions which the agent will load and run (thus remotely controlling agent behavior), so this URL is a high-risk runtime dependency.