penetration-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's core automated testing code (references/automated-penetration-testing-framework.md and SKILL.md) issues HTTP requests (requests.get/post in test_sql_injection, test_xss, test_security_headers, test_directory_traversal, etc.), reads response.text and headers from arbitrary target URLs, and uses that untrusted public web content to determine findings and drive reporting, so third‑party content can materially influence behavior.