PromptInjection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly automates browsing and scraping of arbitrary target URLs (see reconnaissance.sh and APPLICATION-RECONNAISSANCE-METHODOLOGY.md: "browser navigate <TARGET_URL>", "browser extract 'complete HTML DOM'", network-logs, JS downloads, and document upload/RAG testing), and the agent is expected to read and act on that untrusted, user-provided third-party web/document content as part of its workflows, so indirect prompt injection is possible.