building-threat-intelligence-feed-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted public feeds (e.g., ingest_urlhaus_feed calls https://urlhaus-api.abuse.ch, ingest_feodotracker calls https://feodotracker.abuse.ch, and ingest_taxii_feed connects to configurable TAXII servers) and then normalizes and uses those indicators to drive actions (exporting STIX bundles and pushing to SIEM/Splunk), so third‑party content can materially influence agent behavior.