pt-planning-recon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow's Step 2 ("Collect passive intelligence: domains, subdomains, ASN/IP ranges, DNS, mail records, public endpoints, technology stack indicators and externally visible services") requires ingesting open/public third-party data (public DNS/WHOIS/web endpoints and other externally visible content) that the agent must read and use to plan/drive recon, so untrusted external content could influence actions.