Burp Suite Web Application Testing

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to fetch and inspect arbitrary target web application content (e.g., intercepting requests/responses in "Proxy > HTTP history", sending pages to "Repeater", and entering targets in "New scan" / "URLs to scan"). This content comes from untrusted third-party sources that the agent is expected to read and interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly directs installing Burp's CA into the browser/system trusted roots and configuring proxy-based HTTPS interception, which modifies system/trust state and can bypass TLS protections (a security-sensitive change that may require elevated privileges).
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:12 PM