kage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses arbitrary public web content during runtime (e.g., Turn 1 discovery commands run subfinder/httpx/gau/katana and the JS-secret-scanner "Download JS assets" step) and uses those untrusted, user-generated/third-party pages and assets to drive downstream decisions and tester dispatches (Turn 2 triggers, exploit PoC construction and chaining), so third-party content can materially influence agent actions.