mcp-php-schema

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The schema explicitly defines URL-based elicitation and resource-reading flows—e.g., ElicitRequestURLParams (mode: "url", url field) in reference/client.md and URLElicitationRequiredError plus ReadResourceRequest and Resource/ResourceContents in reference/server.md—so the agent/client is expected to open/read arbitrary resource URLs supplied at runtime, which could expose it to untrusted third-party content that can influence actions.