site-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes scripts that accept arbitrary sitemaps/URL lists and perform live HTTP checks and sitemap parsing (e.g., redirect_checker.py's check_redirect uses http.client to send HEAD requests to --url/--file targets, sitemap_analyzer.py and scripts/link_mapper.py parse external sitemap XML via --file/--sitemap), so it clearly ingests untrusted public web content and uses those results to drive analysis and decisions (redirect maps, hub/spoke detection), enabling indirect prompt-injection risks.