performing-soap-web-service-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses arbitrary WSDL URLs using requests.get(self.wsdl_url) in parse_wsdl (present in SKILL.md and scripts/agent.py), so untrusted third‑party XML from those URLs is ingested and directly determines operations/endpoints that drive subsequent tests.