audit-agentic-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and verify public third‑party sources (e.g., the "Freshness checks" section and the framework picker: "Before relying on this table, rerun: npm view @modelcontextprotocol/..."), so the agent will ingest untrusted public web content (npm metadata, repo release notes, CVE/registry pages) that can materially change routing and design decisions.