security-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The DASTScanner in scripts/dast_scan.py accepts an arbitrary target_url and runs web scanners (OWASP ZAP, Nikto, SQLMap) that fetch and parse public/third‑party web content supplied by the user, which is untrusted and ingested as part of the workflow.