PromptInjection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's reconnaissance workflows and scripts explicitly fetch and scrape arbitrary target URLs and third‑party web content (e.g., reconnaissance.sh uses "browser navigate $TARGET_URL", browser extract/network-logs, and a wget loop to download JavaScript URLs), so the agent will ingest untrusted public/web (potentially user-generated) content as part of its workflow.