analyzing-security-headers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and references/implementation.md explicitly require fetching HTTP(S) response headers from arbitrary target URLs/domains (e.g., "Fetch response headers" and "Make HEAD or GET request to target"), meaning the agent will ingest untrusted public web content (HTTP responses) that directly affects scoring and remediation decisions.