Burp Suite Web Application Testing

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly requires navigating to and intercepting HTTP traffic from arbitrary target web application URLs and analyzing responses (see Phase 1 "Navigate to target URL in browser" / Proxy > Intercept, Phase 5 "Enter target URL in URLs to scan", and sending requests from HTTP history to Repeater/Intruder), so it ingests untrusted third‑party web content that can materially influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly directs installing Burp's CA into the browser/system trusted roots and configuring proxy-based HTTPS interception, which modifies system/trust state and can bypass TLS protections (a security-sensitive change that may require elevated privileges).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 03:51 AM