scanning-tools

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly directs the agent to fetch and spider arbitrary external websites and URLs (e.g., Phase 3: "zap-cli quick-scan https://target.com", Burp "Spider the application", nikto -h https://target.com), meaning it ingests untrusted public web content that can be read/interpreted and influence subsequent scanning actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). I flagged this skill because it repeatedly instructs the user/agent to run privileged operations that modify system state (e.g., sudo apt install openvas, sudo systemctl start nessusd, sudo airmon-ng start, sudo lynis audit, sudo freshclam) and to perform actions (service installs/starts, interface monitor mode, deauthentication) that require or encourage elevated privileges and can change the host system.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 09:59 AM