The project does not have any guiding prompts to cover SSRF issues that result from unvalidated/unsanitized user input that can control the host or protocol.
There are instructions that exclude SSRF but no prompting that calls out what types of SSRF to look for.
> 13. SSRF vulnerabilities that only control the path. SSRF is only a concern if it can control the host or protocol.
The project does not have any guiding prompts to cover SSRF issues that result from unvalidated/unsanitized user input that can control the host or protocol.
There are instructions that exclude SSRF but no prompting that calls out what types of SSRF to look for.