conducting-api-security-testing

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill’s required workflow and implementation (SKILL.md and scripts/agent.py) explicitly send requests to an arbitrary --base-url and various endpoints (e.g., requests.get/post using urljoin(base_url, ...), GraphQL introspection, importing OpenAPI specs) and parse the returned JSON/text responses to decide whether vulnerabilities are present. Untrusted third-party API responses can therefore directly influence the agent’s actions and decisions.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 03:02 AM
Issues: 1