rodriguez-threat-hunter-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and parses public Mordor datasets and other external playbook pages (see mordor_testing.py: MordorDataset.download/load_events using requests.get and SKILL.md's validate_with_mordor which directs downloading from https://mordordatasets.com/ and other external URLs), so untrusted third‑party content is ingested and used to drive detection testing and playbook behavior.