building-patch-tuesday-response-process

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests open/public third-party feeds (e.g., MSRC API calls in scripts/agent.py, the CISA KEV JSON feed referenced in scripts/agent.py and scripts/process.py, and the EPSS API in scripts/process.py, plus SKILL.md triage steps instructing monitoring MSRC/vendor advisories) and uses that data to prioritize patches and decide deployment urgencies, so external content can materially influence agent behavior.