performing-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to scan and "Use Read tool to analyze application structure" on user-supplied target URLs/endpoints (SKILL.md Step 1–2) and includes scanner templates (Nessus/nmap) with placeholder targets, so it will fetch and interpret untrusted public web content from arbitrary sites that can influence subsequent tool actions.