testing-api-for-mass-assignment-vulnerability

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (SKILL.md and scripts/agent.py) issues HTTP requests to an arbitrary BASE_URL (e.g., f"{BASE_URL}/users/me", registration and order endpoints), parses resp.json responses, and uses those untrusted API responses to drive verification and follow-up actions (role elevation checks, admin endpoint access, further tests), so third-party content can materially influence the agent's behavior.