xray-scan

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs running xray against arbitrary URLs (Phase 1), using the basic crawler to fetch/site-scan pages (Phase 2), running a passive proxy to analyze browser traffic (Phase 3), and loading community POCs (Phase 5 / https://github.com/chaitin/xray-plugins), so the skill fetches and interprets untrusted public web content and third-party POCs that can materially influence scanning actions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 10:10 AM
Issues: 1