nuclei-scan

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md Phase 2 "Template Search and Payload Extraction" explicitly instructs the agent to read community-maintained nuclei templates (e.g., find ~/nuclei-templates, cat template.yaml, extract the raw: field). These templates are public, community-maintained third-party content, and the agent is expected to parse them and convert the extracted payloads into follow-on actions (curl requests), so untrusted template content can materially influence tool use.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:09 AM
Issues: 1