web-scanning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Runtime Scanning Commands" and "Page Discovery for Multi-Page Audits" explicitly instruct fetching and crawling arbitrary targets and sitemaps (e.g., npx @axe-core/cli , capture-website-cli "", curl <BASE_URL>/sitemap.xml), which means the agent will ingest untrusted public web content and use it to drive crawling/scan decisions, creating a clear pathway for indirect prompt injection.