performing-api-inventory-and-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill actively fetches and parses arbitrary external web content (e.g., probing target domains with httpx/amass in SKILL.md Step 2, requests to JavaScript files in Step 3 and scripts/agent.py's scan_javascript_for_apis, and fetching Swagger/OpenAPI specs via parse_swagger_spec) so untrusted third-party pages and specs are ingested and can directly influence discovery, classification, and subsequent scanning actions.