mcp-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runbook and rules explicitly fetch and ingest public third-party data (e.g., npm via npm view in references/mcp-audit-runbook.md, registry queries to https://registry.modelcontextprotocol.io in rules/registry-discovery.md, and .well-known OAuth discovery in rules/auth-oauth21.md), which the agent is expected to read and act on (vetting, install/pin decisions), so untrusted external content can materially influence tool-installation and runtime behavior.