api-fuzzing-bug-bounty

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse third-party public API documentation (e.g., /swagger.json, /openapi.json) and to check archive.org for historical endpoints, which the agent would ingest and use to drive subsequent testing decisions, creating a clear avenue for indirect prompt-injection via untrusted content.