WebAssessment

Result: Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill contains an explicit, mandatory pre-action curl notification that forces an out-of-scope network call (potential telemetry/exfiltration) before any assessment, which is a deceptive/behavior-changing instruction outside the skill's stated web-assessment purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill clearly fetches and ingests public/untrusted third-party content as part of its workflows — e.g., Recon tools like ~/.claude/skills/Recon/Tools/EndpointDiscovery.ts and PathDiscovery.ts that crawl arbitrary target URLs, the OsintTools suite (sherlock, Osintgram, tinfoleak, SpiderFoot, WhatWeb) and the OSINT API guide (Shodan, Dehashed, OSINT Industries), plus the bug-bounty tracker that reads GitHub/third-party program pages — all of which cause the agent to read and interpret external user-generated/public web content.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 15, 2026, 09:26 PM