testing-for-sensitive-data-exposure

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill (SKILL.md and scripts/agent.py) explicitly fetches and parses arbitrary public web content. Examples: the curl commands in SKILL.md against target.example.com, and scan_javascript_files/check_config_files in scripts/agent.py, which download HTML, linked .js files and config endpoints; the docs also recommend tools like git-dumper/trufflehog. Untrusted third-party content is therefore ingested and used to drive further requests and findings.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 03:15 AM
Issues: 1