Security Scanning Tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs crawling and scanning arbitrary public hosts and URLs (e.g., Burp Suite spider/active scanner, OWASP ZAP "zap-full-scan.py -t https://target.com", Nikto "-h https://target.com", Masscan "0.0.0.0/0"), which requires fetching and interpreting untrusted third-party web/network content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill repeatedly instructs privileged, state-changing actions on the host (sudo package installs, systemctl service start, enabling monitor mode, running scanners/exploit frameworks and remediation scripts) which push an agent to modify the machine's state and require/encourage elevated privileges.