testing-for-broken-access-control
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's workflow and scripts (SKILL.md and scripts/agent.py) explicitly fetch and interpret responses from an arbitrary target base_url (e.g., curl/ffuf calls to https://target.example.com in SKILL.md and requests calls in scripts/agent.py), meaning the agent ingests untrusted third-party web content and acts on response data to decide vulnerabilities and next actions.
Issues (1)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata