ai-pentesting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's ai_pentester.py _recon() step explicitly runs external scanners against a target URL (subfinder, whatweb, nmap, nuclei) and then sends that untrusted, user/public-hosted reconnaissance output into the LLM in _analyze_attack_surface to decide attack targets and exploitation actions, so third-party content from the scanned sites can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime cloning of and execution from https://github.com/KeygraphHQ/shannon.git (git clone … then ./shannon start), so it fetches and executes remote code that the skill depends on to run the agent.