security-headers-configuration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes a testing script in references/security-headers-testing-script.md (also shown in SKILL.md) that uses axios.get(url) to fetch arbitrary public URLs and then reads and interprets response headers to compute a security score and recommendations, meaning untrusted third-party content can directly influence the tool's decisions and outputs.