byted-data-search

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly calls external public data sources via the MCP gateway: see SKILL.md, "Step 1: Query available data sources (must be executed first)", and the runtime scripts scripts/describe_datasource.py, scripts/query_datasource.py and scripts/get_field_enums.py, which use mcp_gateway_client.py targeting DEFAULT_MCP_GATEWAY_URL. The skill requires the agent to read the returned values, which are potentially user-populated or public, to decide filters and follow-up queries, so untrusted third-party content can materially influence subsequent tool use.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 7, 2026, 07:25 AM
Issues: 1