security-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime agents (notably agents/appsec/dast.md and various penetration agents) explicitly instruct running scanners and HTTP requests against arbitrary target URLs (e.g. ZAP/Nuclei with target: 'https://staging.example.com', curl/ffuf examples) which means the agent fetches and parses open/public web content (responses, pages, APIs) as part of its workflow and those results can drive tool use and follow-up actions—exposing it to untrusted third-party content that could carry indirect prompt-injection instructions.