httpx-probe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running httpx against arbitrary/public URLs (e.g., "httpx -l urls.txt", "cat urls.txt | httpx", -tech-detect, -extract-regex, -mr/-ms filters and pipeline examples to nuclei), which fetches and parses untrusted, user-generated web content and uses that content to drive filtering, fingerprinting, extraction and downstream actions, creating a clear avenue for indirect prompt injection.