Probe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and docs (SKILL.md plus references/zap-scanning-guide.md and references/nuclei-templates.md) explicitly instruct the agent to spider/scan arbitrary target URLs (e.g., zap.urlopen(target), zap-cli spider https://target.example, nuclei -u ...) and ingest HTTP responses and findings as part of scanning/validation, so untrusted third‑party web content can be read and used to drive follow-up actions.