burp-suite-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to navigate to and intercept traffic from a target web application URL using Burp's browser (see "Phase 1: Intercepting HTTP Traffic" / "Navigate to target URL") and to view and interpret HTTP requests/responses in Proxy > HTTP history and Repeater/Intruder, i.e., arbitrary public web content that directly informs subsequent testing actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill mainly guides interactive Burp Suite testing and does not ask to create users or run sudo commands, but it explicitly advises installing/adding the Burp CA certificate to browser/system trusted roots (a security-sensitive change that can modify system trust stores and often requires administrative privileges), so it poses a moderate risk of altering the machine's security state.