gogo-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows workflows that fetch and process data from arbitrary external hosts (e.g., "cat result.json | jq -r '.uri' | httpx -silent" and piping discovered services to nuclei), so the agent would ingest untrusted public web/service content (HTTP responses, banners, certificates) that can influence subsequent scanning/decisions.