performing-api-inventory-and-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary public web content as part of its required workflow—e.g., SKILL.md Step 2 (active probing using httpx/curl), Step 3 (JavaScript Source Analysis using requests.get on js URLs), and scripts/agent.py (accepting --target-url, --js-url, --swagger-url and parsing remote OpenAPI/JS responses)—so untrusted third‑party content is ingested and can materially influence discovery, classification, and follow-up actions.