api-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "API发现" and scanning examples (e.g., "gobuster dir -u https://target.com", "分析JavaScript文件", Burp Suite passive scanning, zap-cli quick-scan http://target.com/api and the requests loop to https://target.com/api/endpoint) explicitly instruct fetching and analyzing content from arbitrary public websites/APIs, which are untrusted third‑party sources the agent would read and interpret.