security-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and scripts/analyze-security.sh) accepts arbitrary --target URLs and runs DAST tools (e.g., "zap-baseline.py -t $TARGET") and optional LLM-powered analysis on those fetched web targets, meaning it ingests untrusted third-party web content that can influence LLM-driven findings and follow-up remediation actions.