correlating-threat-campaigns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests third-party, partner- or community-submitted threat data from MISP/TAXII (see SKILL.md Step 1: "ISAC sharing (partner-submitted events in MISP or TAXII)" and the runtime scripts/agent.py which implement a MISPClient that issues HTTP requests to MISP_URL and parses returned events), and that untrusted content is directly read and used to drive correlation, confidence scoring, and attribution decisions.