implementing-continuous-security-validation-with-bas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's agent scripts (scripts/agent.py and the CLI described in references/api-reference.md) perform HTTP requests to arbitrary targets (GET http://{target}/health) and to a user-supplied SIEM API URL (siem_url) and then directly interpret those responses to mark detections and drive the generated reports, which means untrusted third-party responses from arbitrary/public URLs can influence the agent's decisions and outputs.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs deploying agents and running privileged/host-modifying simulations (registry run keys, scheduled tasks, LSASS dumps, UAC/AMSI bypasses, lateral-movement tools) which would change the machine state and require elevated privileges, so it pushes the agent toward compromising the host.