exploiting-broken-function-level-authorization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses responses from arbitrary target APIs (e.g., BASE_URL in "Phase 1: Admin Endpoint Discovery" in SKILL.md and the --url/requests.request calls in scripts/agent.py), so it ingests untrusted third‑party HTTP responses and uses those responses to decide and drive further testing actions.