performing-subdomain-enumeration-with-subfinder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs ProjectDiscovery's subfinder (per SKILL.md and scripts/agent.py and scripts/process.py) against public passive sources such as crt.sh, Shodan, VirusTotal, SecurityTrails, Censys, etc., parses those untrusted third‑party results, and uses them to drive downstream probing/validation and scanning decisions (httpx, nuclei), which clearly allows external, user-generated/public content to influence agent actions.