build-mcp-use-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's docs explicitly instruct fetching public, user-provided repositories and templates (e.g., "npx create-mcp-use-app@latest ... --template owner/repo" in references/02-setup/02-scaffold-with-create-mcp-use-app.md and linking GitHub repos in references/03-cli/06-mcp-use-deploy.md, plus npx install commands in INSTALL.md), which causes the agent/workflow to ingest arbitrary public GitHub/npm content that could influence server scaffolding, config, or subsequent actions.