collecting-indicators-of-compromise

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The agent's script and API reference explicitly fetch and ingest data from public, user-contributed services (e.g., enrich_ip_virustotal, enrich_hash_malwarebazaar, enrich_domain_abuseipdb in scripts/agent.py and the "External APIs Used" section referencing VirusTotal, MalwareBazaar, AbuseIPDB), and those untrusted third‑party responses are parsed and used to set IOC confidence and drive exports/actions—meeting all criteria for potential indirect prompt-injection influence.