soar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external, public third-party data — e.g., "Incident enrichment" pulling from VirusTotal and configurable custom connectors/endpoints (see Integration Notes and examples like "https://example.com/api") — and the agent is expected to read and act on that data as part of playbook-driven workflows, so untrusted content can influence actions.