integrating-dast-with-owasp-zap-in-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and scans arbitrary target URLs/OpenAPI specs (see SKILL.md workflow inputs like "target_url" and the GitHub Actions steps) and the runtime scripts (scripts/agent.py and scripts/process.py) run ZAP against those external targets and parse their JSON/HTTP responses to make quality-gate decisions, so untrusted third-party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly runs remote executables at runtime—notably the Docker image "zaproxy/zap-stable" (pulled from Docker Hub) and GitHub Actions like "zaproxy/action-baseline@v0.12.0", "zaproxy/action-full-scan@v0.12.0" and "zaproxy/action-api-scan@v0.12.0"—which are fetched and executed by the CI/agent and are required dependencies, so they qualify as runtime external code execution.