code-quality-audit

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly runs DAST and template-based scanners against arbitrary/staging URLs and updates community templates: see references/operations/dast-tools.md (OWASP ZAP commands targeting user-provided URLs, and Nuclei usage including nuclei -update-templates) and the security docs (Semgrep/Trivy/Gitleaks in references/operations/nextjs-security.md and drupal-security.md). These tools fetch and ingest open, third-party or user-controlled content that the agent is expected to read and interpret in reports, creating a clear indirect prompt-injection exposure.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 11:57 PM