common-appsec-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and testing options (e.g., "Rich Text / User Content Platforms" and the "Discovery Phase"/"Payload Crafting" steps in SKILL.md) explicitly instruct spawning subagents to test stored XSS in comments, profiles, and other user-generated content, meaning the agents will fetch and read untrusted, public third-party content that can influence testing actions.