Web Application Security Testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scanner (scripts/owasp_scanner.py) and SKILL.md explicitly instruct running against arbitrary target URLs (--url / "Test this web application"), and the code uses requests.get to fetch and parse responses/headers from those public sites (check_security_headers, check_common_paths, check_cors), meaning it ingests untrusted third-party web content that can influence scanning decisions and subsequent actions.