performing-cryptographic-audit-of-application

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to arbitrary external hosts and fetches web/TLS data (scripts/agent.py's audit_tls_endpoint performs socket/SSL handshakes against the provided --target host, and references/api-reference.md includes check_hsts() which does requests.get(url)), so untrusted third‑party content (certificates, headers, cipher names, etc.) is ingested and used to generate findings that materially influence decisions and reports.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 06:27 PM
Issues: 1