integrating-dast-with-owasp-zap-in-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs OWASP ZAP against arbitrary target URLs supplied in the workflow and scripts (see SKILL.md GitHub Actions target inputs and scripts/agent.py and scripts/process.py which call Docker ZAP commands with the --target/-t argument), parses the resulting reports, and uses those findings to make quality-gate decisions—meaning it ingests untrusted, user-provided/public web content that can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs external images/actions at runtime (e.g., docker image "zaproxy/zap-stable" via docker run and GitHub Action "zaproxy/action-baseline@v0.12.0"), which will be fetched and execute remote code and are required dependencies for the scans.