ethical-redteam-bugbounty

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and processes untrusted public content (e.g., scripts/recon.py queries crt.sh and performs HTTP requests to arbitrary targets, and scripts/scanner.py runs nmap against provided hosts), and those recon/scan JSON outputs are consumed by scripts/analyzer.py and scripts/reporter.py to generate findings, severities, and follow-up actions—so third-party/user-hosted content can materially influence the agent's decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install script executes remote code at runtime via curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh piped to /bin/bash, which fetches and runs external code that the installer relies on (Homebrew) — this directly executes remote code during setup.