cve-poc-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest public, untrusted sources (e.g., NVD REST API https://services.nvd.nist.gov, vendor advisories referenced by NVD, GitHub Security Advisories, Exploit-DB, public blog write-ups and Qualys CDN links) and to use that content to drive PoC generation and report decisions, which meets all criteria for exposure to indirect prompt injection.