Onvifscan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to connect to arbitrary ONVIF device URLs/IPs and ingest their responses (including "full XML responses" via the -v option) as part of scanning and brute-force workflows, so untrusted third-party device content could influence subsequent actions (see "Get target information", "Auth Scan", and the -v option in SKILL.md).