analyzing-threat-actor-ttps-with-mitre-navigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly uses the attackcti client to query ATT&CK STIX/TAXII data from external MITRE/ATT&CK sources (see scripts/agent.py calls like client.get_groups() and get_techniques_used_by_group and SKILL.md step 1), so it ingests open/public third‑party content that is read and used to drive analysis and Navigator layer generation.