vigolium-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and fetches untrusted public content (e.g., external-harvest from Wayback Machine / Common Crawl / AlienVault OTX, arbitrary target URLs, OpenAPI/spec servers via --spec-url, and public git repos via --source-url) and the AI agent workflows (agent pipeline phase 2 plan, agent swarm phase 3 master planning, and autopilot) are documented to read and act on those discovery/spec/source inputs to generate AttackPlans, triage decisions, and executable JS extensions — meaning third‑party content can materially influence tool actions and command/code generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill accepts and automatically clones git URLs at runtime (e.g., --source-url https://github.com/org/repo and git@github.com:org/repo.git), and that fetched source is fed to agent phases (source analysis/SAST/swarm) and can be used to generate or execute JavaScript extensions, so remote content can directly influence prompts and execute code.