analyzing-apt-group-with-mitre-navigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill programmatically fetches and parses ATT&CK STIX data from public third-party endpoints (e.g., ATTACK_ENTERPRISE_URL = "https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json" in scripts/agent.py and the curl example in references/api-reference.md), and uses that data to build Navigator layers and drive detection-gap/analysis decisions, so externally hosted content is read and can materially influence agent behavior.