analyzing-security-headers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and references/implementation.md explicitly require the agent to fetch HTTP/HTTPS response headers from arbitrary target domains via WebFetch (step 2), so it ingests untrusted public web content (response headers/cookies) and uses that content to drive analysis, grading, and remediation decisions.