fortify-fod

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's DAST workflow (references/run-dast-scan.md) explicitly accepts and uses arbitrary external URLs (e.g., --api-url "https://api.example.com/openapi.json" and --site-url "https://example.com") which the tools will fetch and ingest as part of scan setup, so untrusted third‑party content can be read and used to influence scanning configuration and subsequent actions.