building-ioc-enrichment-pipeline-with-opencti
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests data from public third-party sources (e.g., VirusTotal, Shodan, AbuseIPDB, GreyNoise, SecurityTrails); see scripts/process.py (query_virustotal*, _query_shodan, _query_abuseipdb, _query_greynoise) and the SKILL.md connector examples. It uses those responses directly to set labels and confidence scores, create notes, and update OpenCTI, so untrusted external content can materially influence agent decisions and actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).