Recon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on open/public third‑party content — e.g., querying crt.sh for certificate transparency in DomainRecon, pulling ProjectDiscovery/GitHub and HackerOne/Bugcrowd bounty lists in BountyPrograms, using the IPInfo API, and (crucially) embedding raw scan files into LLM prompts in AnalyzeScanResultsGemini3 via $(cat $SCAN_FILE) — all of which are untrusted external/user-generated sources whose contents are parsed and used to drive tool choices and subsequent actions.