hackerone
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches HackerOne program pages and downloads scope CSVs from a provided program URL (see SKILL.md and README "Option 1: HackerOne URL" / "Workflow 1"). Those program guidelines and CSVs are third-party, user-provided content that is parsed and used to drive agent actions and testing behavior, which creates a clear vector for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches HackerOne program pages (e.g. https://hackerone.com/program-name) at runtime to download program guidelines and a scope CSV. These are then passed to pentester agents and used to steer them, so the external URL can directly control agent prompts/instructions.